Hi,
in our firm we are having a model of managing user access using AD groups.
adgroup_adm- admin
adgroup_rw -read/write
adgroup_ro -read only.
the admin however has full control of the project we have seen misusing of permissions by adding individual users(this is linked to AD) to the repositories or project itself without notifying compliance department. even though these actions are logged, it is hard to monitor if other users are doing this kind of addition/deletion without compliance's knowledge.
so my question, is there a way to restrict project admins from editing the project permissions and repository permissions. but allowing only branch permissions and creating of repositories.
or is there a way to get notification everytime a user or AD group to added to any of the project. something like setting up automated email a new AD group is added or removed a email notification to be sent to system admins, so that we know to inform the users hwo did this.
Kindly let me know your answers.
Thanks
Hi Rathan,
If you grant someone project admins permissions they'll be able to edit project and repository permissions, as you can see in the chart at Using project permissions. It's not possible to modify that. There's already a Feture request for that at BSERV-8765.
Regarding notifications, this is not a built-in feature but you can submit a feature request at jira.atlassian.com. I tried searching for a plugin in the Marketplace but so far didn't find one, you might want to create a custom one.
Hope this helps!
Ana
It's not the cleanest way, but if you put apache in-front, you can block certain URL's to prevent access to the panels for project and repository permissions.
{code}
RewriteEngine On
RewriteRule "^/projects/([A-Z0-9]+)/(settings|permissions)$" "/plugins/servlet/branch-permissions/$1" [R=temporary]
RewriteRule "^/projects/([A-Z0-9]+)/repos/([A-Za-z0-9\-\.\_]+)/permissions$" "/plugins/servlet/branch-permissions/$1/$2" [R=temporary]
{code}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.