Permission Schemes/Project Roles/User Groups

David Kiellar September 20, 2012

So i have two projects. Two project roles (Project_Admin and Project_User). Created two user groups (users_programA and users_programB).

So I added a user, added him to users_programA user group. users_programA user group has the project role of Project_User.

I have a default permissions scheme that has the project role of Project_User to create, edit, view issues, etc.

When the user logs in, he can create an issue, but then cant view it or anything. Do I have to assign that permissions scheme to the user group and if so, how do i do that?

1 answer

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 20, 2012

No, permissions are all project related, nothing to do with groups.

It sounds like you have everything set up correctly, but I'd go over it VERY carefully. I.e.

  1. User is definitely in the group users_ProgramA
  2. The group users_ProgramA is definitely in the role of Project_User, in ProjectA
  3. ProjectA is definitely using the default permission scheme
  4. The default permission scheme definitely has Role(Project_User) able to Create, Edit, View etc

(I suspect the problem is line 3 or 4 to be honest)

Except...

Are you using any form of "security scheme"? That could break all the generalised stuff above quite spectacularly and it's the only thing I can think of that you haven't mentioned!

David Kiellar September 20, 2012

Thank you, I will take a look again at what you suggested. I do not have any security schemes

David Kiellar September 20, 2012

Ok, so following you.

1. User is definitely in group users_programA

2.I go to Projects > ProgramA > People. Project Role Program Users is listed and in that row under groups is says users_ProgramA.

3.I go to Projects > ProgramA > Permissions and Default Permission scheme is showing.

4.If i view the default permission screen, it has the project role Program Users is show on almost everything.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 20, 2012

Ok, that's sort of good - you have set up everything correctly. Only thing I really missed is that on line 4, I should have said "check the 'browse' line most carefully" - not too worried about the others, but 'Create' and 'Browse' are the important ones for this question. The check here is not quite that they are the same, but that every user/group who has 'create' is in 'browse' as well (don't care if the 'browse' permission has more users/groups in it, just that everyone who can create, can browse too)

The only other thing to check is that the user is logged in correctly (not anonymous), and doesn't have duplicate accounts mixing it up - get them to click on their profile and list off their user login and all the groups they're in.

If that's all correct, then I'm completely stuck, unless you've got some extra security plugin or something.

David Kiellar September 20, 2012

Here are some screen shots.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 20, 2012

Ah-ha! I think the 3rd screenshot explains it. I would expect you (Assuming David = DavidK) to be able to create and view issues. But I would expect Brian to be able to create issues, and then not be able to see them after he creates them.

It's the "browse projects" permission in the "project permission" section. It's not a good use of English in this screen in my opinion, it should really say something more like "Can browse the issues in this project".

Short answer - I think you need to add "Project Role (project_users)" to the browse permission.

David Kiellar September 20, 2012

Yup, that did the trick. I thought that meant something else.

Suggest an answer

Log in or Sign up to answer