Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,359,862
Community Members
 
Community Events
168
Community Groups

How to restrict Crucible project access to only authors of commits on its default repository

Yves Martin
Yves Martin Jan 03, 2013

I have setup LDAP restriction on each Crucible repository based on a group, which is already used to restrict Subversion commit thanks to a pre-commit hook.

The LDAP restriction is:

(&(objectClass=person)(sAMAccountName=${USERNAME})(memberOf=CN=prj_MyProject,OU=Projects,OU=Groups,DC=mydomain,DC=com))

Now I want to apply the same kind of restriction for project and reviews.

So I have copied agile permission scheme and have removed All logged in users from View and Create permissions to rely on the Author review role, which is supposed to look at commit author field, based on user mapping, according to

https://confluence.atlassian.com/display/CRUCIBLE/authors+in+Crucible

I expect users that have already committed into a project's default repository are allowed to view and create reviews for that project.

But it does not work. Users in group prj_MyProject can browse repository commit but have no access to the corresponding project.

I have checked users' mapping information, because Crucible and Subversion usernames does not match implicitly.

Project's fields for Default reviewers and Allowed Review Participants are blank.

How to achieve such a setup (I am used to do with JIRA projects' role and permissions scheme) ?

Is my understanding of the Author Review role wrong ?

Thank you in advance for your help

Answer
Watch
Like Be the first to like this
1021 views

2 answers

1 accepted

0 votes
Answer accepted
Yves Martin
Yves Martin Oct 03, 2013

Based on the answer I got from Atlassian Support, here is my current setup process to get such per-project restrictions (in additional to per-repository LDAP restriction):

  • create a group "users-X" to list project "X" users
  • create a scheme "agile-X" for each project "X", with "users-X" group in "View" and "Create" permissions

I agree it fulfills the security needs I have BUT it is really heavy to setup (compared to JIRA project roles and permission schemes for instance). I am still looking for ways to automate all that administrative work.

Reply
0 votes
Avdhesh Chauhan
Avdhesh Chauhan Rising Star Jan 28, 2013

PLease check the view permission in your permission schme - may be its not mapped correctly

A person who has comitted cannot view the crucible project by default - it all depends on the view permission scheme

View More Comments
Yves Martin
Yves Martin Oct 03, 2013

The View permission in scheme includes "Reviewer, Creator, Author, Moderator".

The answer I got from Atlassian Support was:

  • create a group for a project users

- creat

Like
Yves Martin
Yves Martin Oct 03, 2013

The View permission includes "Review Roles: Reviewer, Creator, Author, Moderator".

Like
Reply

Suggest an answer

Log in or Sign up to answer
Fisheye
Fisheye/Crucible
TAGS
Community showcase
Sharon Tan
Sharon Tan
Published in Jira

Online AMA this week: Your project management questions answered by Jira Design Lead James Rotanson

We know that great teams require amazing project management chops. It's no surprise that great teams who use Jira have strong project managers, effective workflows, and secrets that bring planning ...

172 views 1 6
Read article

Atlassian Community Events

See all events