Modify

Opened 5 years ago

Last modified 8 months ago

#5187 assigned defect

How to use permissions and groups

Reported by: abalter Owned by: rjollos
Priority: high Component: UserManagerPlugin
Severity: major Keywords: user, role, group, subject, permissions
Cc: Trac Release: 0.11

Description

I can't figure out how I am supposed to use permissions and groups. I have attached some screenshots to show what I'm seeing.

I'm logged in as admin. I show the view from Admin>Permissions so you can see what groups I have set up and what their permissions are.

Q1. Is a "Role" in usermanagerplugin the same as a "Subject" in Admin>Permissions?

When I look at the permissions tab for users, they belong to groups that they are not supposed to. There are check boxes by the groups, but no button for "remove".

Q2a. How do I set what groups a user belongs to?
Q2b. Are these "groups" the same as "Role" or "Subject"?

Permissions that are already selected are greyed out. Therefore, I cannot change them.

Summary of questions:

  1. What is the difference between "Role", "Group", "Subject"
  2. Where/How do I definitively set what "Group" a user belongs to and what permissions they have when using the UserManagerPlugin?

Thanks,
Ariel

Attachments (0)

Change History (5)

comment:1 Changed 5 years ago by abalter

I keep getting errors when trying to attach the screenshots. I have put them here:
http://myotherstuff.org/share/screenshots/

comment:2 Changed 5 years ago by cbalan

Hey abalter,

Q1: Out of the box, the "role user profile field is intended to be used more like a title field, ex. "Project Manager"/ "Web Designer" / "IT Manager".

Please note that custom profiles fields can be added as well. These custom fields can be used then either in custom ticket workflows to select a specific user/s(ie. status = develop -> testing assign ticket to QA manager) / filter users in userprofileslist macro or implement other security rules based on these fields.

Q2: Regarding groups and roles, no changes there. Usermanager's admin screens provide just a different view. If Admin > Permissions shows the explicit permission for all subjects, usermanager's permission panel provides all permissions for one subject, explicit and inherited(greyed ones).

Regarding groups, a trac group is more like a set of permissions that can be attached to a user.

Thank you,
Catalin Balan

comment:3 Changed 5 years ago by abalter

Hi cbalan,
The problem is, I don't seem to have full control over a user's permissions from their permissions tab. For instance, I have no control over what is the "parent" group they are assigned to that is responsible for the "inherited" permissions.

I think it would be better if the behavior was like this: The Permissions tab had two parts, "groups" and "custom permissions". I the groups section, ALL available groups are listed. You simply select which group you want the user to belong to. If you want custom permissions, you use the custom permissions part in which no boxes are greyed out. That is, you can select and deselect any permission you want for that user. The idea woudl be that you would use one or the other, groups or custom. So, if you start customizing the permissions, they are unselected on the groups part, that is, belong to no particular group. For efficiency, you might want to start with a group permissions scheme and then tweak it. Removing the group permission once you start customizing would be automatic.

If there is a way to accomplish this flexibility in the current version, I'd like to know how. Otherwise, should I submit the above as an "enhancement" ticket?

Thanks much!

--abalter

comment:4 Changed 5 years ago by abalter

  • Severity changed from critical to major

Hi cbalan,

I got usermanagerplugin working again. Here is a more specific description of the problem I'm having. Please see the two screenshots:
http://myotherstuff.org/share/groups_paradox_1.png
http://myotherstuff.org/share/groups_paradox_2.png

In the first, you can see that I have created a group called "guest" with special permissions. I have also created a user called visitor that I've given the permissions of the group guest. However, when I look at the detailed permissions, there are many greyed-out permissions, suggesting that visitor actually has a parent group from which it is inheriting some permissions. I do not want that. I did not select any parent group when I created the user visitor. I also want visitor to only have the permissions explicitly specified in the group guest. This is what I can't figure out how to do.

Thanks in advance for your help on this.

--abalter

comment:5 Changed 8 months ago by rjollos

  • Owner changed from cbalan to rjollos
  • Status changed from new to assigned

Add Comment

Modify Ticket

Action
as assigned .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.