Custom permissions

TM · 28 August 2015 15:22

Hi, I am trying to create a new custom role for my developers to be in. There are a few outstanding things I’m trying to work out.

I’ve created a role “Project developer” and also created a team “Developers” and assigned this new role to it, and added users to the team.

Here are the permissions I’ve given the new role:
ActionTemplateCreate
ActionTemplateDelete
ActionTemplateEdit
ActionTemplateView
DefectReport
DefectResolve
DeploymentCreate
DeploymentView
EnvironmentView
EventView
FeedView
LibraryVariableSetCreate
LibraryVariableSetDelete
LibraryVariableSetEdit
LibraryVariableSetView
LifecycleView
MachineView
ProcessEdit
ProcessView
ProjectCreate
ProjectEdit
ProjectGroupCreate
ProjectGroupDelete
ProjectGroupEdit
ProjectGroupView
ProjectView
ReleaseCreate
ReleaseDelete
ReleaseEdit
ReleaseView
VariableEdit
VariableEditUnscoped
VariableView
VariableViewUnscoped

I’ve also scoped the role to our DV and UT environments – we had one more environment, PD, that I’ve left out.

Basically I want this team to be able to do whatever they need to to make projects, modules, scripts etc. but not deploy to production or do system-level administration.

Here are my issues:

Apparently my test user can still edit a machine, even though he has no MachineEdit (only MachineView).
I do want my developers to be able to create Powershell scripts to use in their projects, but Scripts does not appear under Library for this test user. He does see packages, external feeds, variable sets and step templates.
I want them to be able to view what has been deployed in every environment (including PD), but not be able to perform the deploy to PD. It seems when I scope the role, it completely removes PD from any view, even the Environments page. He can’t see, for example, that release 2.5.63 is in PD right now for Project A, though he can see 2.4.55 is in DV and UT. Is there a way to achieve this?

I can confirm that the test user is on the Everyone team (which has no roles), and the new custom Developers team (which has my custom Project developer role, above).

Thanks
Tom

Damian_Maclennan · 31 August 2015 01:39

Hi Tom_meier,

Thanks for getting in touch!

Have you had a look at the Test Permissions function in the roles page ? It may give some hints as to what’s going on (your list looks ok to me).

To answer #3, you probably want to create another role that allows view access to production and assign that to the users as well.

Hope that helps!

Damian