Can I restrict access to the Project report?

I do not want my users to see other people's logged time / worklogs. Therefore I would like to restrict access to the project report.

I found no permission setting that would allow me to do that. I found a module to disable the dropdown in the Tempo JIRA topnav bar, but all reports are still available from the timesheet view.

6 answers

0 vote
Ahmad Danial Atlassian Team Apr 21, 2013

Hey there, Fabian.

I would recommend you to contact the plugin vendor directly so that you can have your questions answered quicker. Review the following information:

  1. Name: TM Software for Tempo (https://marketplace.atlassian.com/plugins/is.origo.jira.tempo-plugin)
  2. Address: Borgartun 37, Reykjavik 105, Iceland
  3. Email: support@tempoplugin.com
  4. Phone: +354 545 3000
  5. Homepage: http://www.tempoplugin.com/</li<>>

Hope this helps.

Warm regards,

Danial

Can Atlassian please consider stopping answering Tempo specific questions with a generic answer? The users come to this site from Atlassian Marketplace and are encouraged to ask questions about the plugin. We are happy to answer such questions on this site.

Ahmad Danial Atlassian Team Apr 21, 2013

Hey there, Viðar.

Noted. Will keep the questions open so that you are able to answer them here. Pardon me for the inconvenience. :)

Warm regards,

Danial

public boolean showReport()

{

return // Add condition who i.e. Project Role , Group, User can view report.

//eg.return (ctx.getUser() != null) && (ComponentAccessor.getCrowdService().isUserMemberOfGroup(ctx.getUser().getName(), "jira-administrators"));

}

Hi Onkar, where do I need to define this?

Hi Fabian,

You can specify a project role that can view others worklogs. See the documentation for details.

Cheers,
Viðar

I did configure it so nobody can see other peoples worklogs. However, the project report still shows other peoples logged work :(

Our managers are complaining that this is a privacy issue.

I was not able to resolve this using the permissions neither by disabling modules.

Please help!

Hi Fabian

All users who are in team leader role in Tempo will see worklogs of all users in the team member roles given that they have browse permission for the project in JIRA.

https://tempoplugin.jira.com/wiki/display/TEMPO/Manage+Teams

Please verify your team configurations

Sverrir Tynes
Tempo support

Nobody has the team leader role, yet everybody can see the timesheet's project report that clearly shows other peoples logged hours + worklogs.

Hi Fabian

I guess there is some misunderstanding here. Only team leaders can view other users worklogs in Tempo project report. Team members can view own worklogs in project reports and the total sum of other users logged work in the project timesheet. The above is the default behavior in Tempo.

There is also an option to restrict the view for team members by selecting a project role as documented on this page

https://tempoplugin.jira.com/wiki/display/TEMPO/Project+Role+to+View+Other+Users

If the above does n answer your question can you attach a screeshot of your problem here or in a private support issue in our support channel.

https://tempoplugin.jira.com/wiki/display/JTS/Getting+Help+and+Support

Sverrir Tynes
Tempo support

Our users cannot access other users' timesheet but they have access to this project report:

Hi Fabian

Please read the documentation page for the Project Role as mentioned earlier herehttps://tempoplugin.jira.com/wiki/display/TEMPO/Project+Role+to+View+Other+Users

and see the two two screenshots after this text

Screenshot: The Project Timesheet with the default option No Role Set as view by Team Members (Paul Bergen)

/Sverrir

Not very intuitive and also I could not find it when I crawled thorugh your documentation.

Whereas it seems to answer the question, there is a major problem it:

According to German law, only the direct supervisor is allowed to access this information (because he has to) but nobody else.

Following your suggestion, I can see two scenarios:

  1. I assign the role “Administrator” to "Project role to view worklogs of other users"
  2. I assign a new role without any users to "Project role to view worklogs of other users"

Either way, there is a big problem with it, because Greenhopper requires every SCRUM master to have the “Administer Projects” permission for all projects his team is working on. This means for the two scenarios:

  1. A huge amount of users (approx. 30) will have the rights to access other peoples worklogs
  2. Nobody will have the rights to access other peoples worklogs. However, since the approx. 30 people have the “Administer Projects” permission, they can assign users and groups to roles for their projects. This means they can just add themselves to the empty role and gain access to other people’s worklogs.

This is a big concern to us, because it means that we cannot use Tempo in our company because it does not meet the legal requirements in Germany.

We need to have the ability to enable the group of people who can access other people’s worklogs on a global administration level and not on a project administrator level or we need to be able to completely disable the project report.

Fabian,

The correct way would be to create a new role (Time Tracking Admin) and only give the direct administrator this role. But like you said, if you have 30 people with project admin permission, then they can add themselves to this role. So we need to look at why you need all these users to have project admin permission. The requirement from GreenHopper that Scrum masters need project admin perission is the problem here. It would be much better if GH would allow you to also specify a "Scrum Master" project role.

Given this information, I don't see how Tempo could achive this problem with GreenHopper. Project Roles is the best configuration option to contol this kind of permissions and in my opinion, requiring every Scrum Master to be project admin on all projects is the source of the problem. This behaviour in GreenHopper breaks any plugin that uses project roles for permission handling because you said, the project admin can simply give himself the permission he wants.

It is a big concern to us as well that GreenHopper can't operate without opening up permissions configurations as you described. There is already an issue for this in the GreenHopper project, GHS-4701. Lets continue this discussion there.

Thanks for pointing this out,

Viðar

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Bridget Sauer
Published Apr 10, 2018 in Marketplace Apps

Learn about how Stefan K. built one of the *first ever* Marketplace apps

In this post you will discover more about the evolution of K15t software, some big topics they're currently focusing on in the app space, and a rare (not not funny!) photo of founders Mike Cannon-Bro...

11,951 views 11 24
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you