Google Git
Sign in
webkit / WebKit / refs/heads/Safari-3-1-branch / . / BugsSite / docs / html / groups.html
blob: e5797a2f2eabdd648c51cae44f0aae79fe303005 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Groups and Group Security</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 2.20.1
Release"
HREF="index.html"><LINK
REL="UP"
TITLE="Administering Bugzilla"
HREF="administration.html"><LINK
REL="PREVIOUS"
TITLE="Quips"
HREF="quips.html"><LINK
REL="NEXT"
TITLE="Upgrading to New Releases"
HREF="upgrading.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 2.20.1
Release</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="quips.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Administering Bugzilla</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="upgrading.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="groups"
>3.10. Groups and Group Security</A
></H1
><P
>Groups allow the administrator
to isolate bugs or products that should only be seen by certain people.
The association between products and groups is controlled from
the product edit page under <SPAN
CLASS="QUOTE"
>"Edit Group Controls."</SPAN
>
</P
><P
>&#13; If the makeproductgroups param is on, a new group will be automatically
created for every new product. It is primarily available for backward
compatibility with older sites.
</P
><P
>&#13; Note that group permissions are such that you need to be a member
of <EM
>all</EM
> the groups a bug is in, for whatever
reason, to see that bug. Similarly, you must be a member
of <EM
>all</EM
> of the entry groups for a product
to add bugs to a product and you must be a member
of <EM
>all</EM
> of the canedit groups for a product
in order to make <EM
>any</EM
> change to bugs in that
product.
</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>&#13; By default, bugs can also be seen by the Assignee, the Reporter, and
by everyone on the CC List, regardless of whether or not the bug would
typically be viewable by them. Visibility to the Reporter and CC List can
be overridden (on a per-bug basis) by bringing up the bug, finding the
section that starts with <SPAN
CLASS="QUOTE"
>"Users in the roles selected below..."</SPAN
>
and un-checking the box next to either 'Reporter' or 'CC List' (or both).
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1438"
>3.10.1. Creating Groups</A
></H2
><P
>To create Groups:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Select the <SPAN
CLASS="QUOTE"
>"groups"</SPAN
>
link in the footer.</P
></LI
><LI
><P
>Take a moment to understand the instructions on the <SPAN
CLASS="QUOTE"
>"Edit
Groups"</SPAN
> screen, then select the <SPAN
CLASS="QUOTE"
>"Add Group"</SPAN
> link.</P
></LI
><LI
><P
>Fill out the <SPAN
CLASS="QUOTE"
>"Group"</SPAN
>, <SPAN
CLASS="QUOTE"
>"Description"</SPAN
>,
and <SPAN
CLASS="QUOTE"
>"User RegExp"</SPAN
> fields.
<SPAN
CLASS="QUOTE"
>"User RegExp"</SPAN
> allows you to automatically
place all users who fulfill the Regular Expression into the new group.
When you have finished, click <SPAN
CLASS="QUOTE"
>"Add"</SPAN
>.</P
><P
>Users whose email addresses match the regular expression
will automatically be members of the group as long as their
email addresses continue to match the regular expression.</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>This is a change from 2.16 where the regular expression
resulted in a user acquiring permanent membership in a group.
To remove a user from a group the user was in due to a regular
expression in version 2.16 or earlier, the user must be explicitly
removed from the group. This can easily be done by pressing
buttons named 'Remove Memberships' or 'Remove Memberships
included in regular expression' under the table.</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If specifying a domain in the regexp, make sure you end
the regexp with a $. Otherwise, when granting access to
"@mycompany\.com", you will allow access to
'badperson@mycompany.com.cracker.net'. You need to use
'@mycompany\.com$' as the regexp.</P
></TD
></TR
></TABLE
></DIV
></LI
><LI
><P
>If you plan to use this group to directly control
access to bugs, check the "use for bugs" box. Groups
not used for bugs are still useful because other groups
can include the group as a whole.</P
></LI
><LI
><P
>After you add your new group, edit the new group. On the
edit page, you can specify other groups that should be included
in this group and which groups should be permitted to add and delete
users from this group.</P
></LI
></OL
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1465"
>3.10.2. Assigning Users to Groups</A
></H2
><P
>Users can become a member of a group in several ways.</P
><P
></P
><OL
TYPE="1"
><LI
><P
>The user can be explicitly placed in the group by editing
the user's own profile</P
></LI
><LI
><P
>The group can include another group of which the user is
a member.</P
></LI
><LI
><P
>The user's email address can match a regular expression
that the group specifies to automatically grant membership to
the group.</P
></LI
></OL
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1475"
>3.10.3. Assigning Group Controls to Products</A
></H2
><P
>&#13; On the product edit page, there is a page to edit the
<SPAN
CLASS="QUOTE"
>"Group Controls"</SPAN
>
for a product. This allows you to
configure how a group relates to the product.
Groups may be applicable, default,
and mandatory as well as used to control entry
or used to make bugs in the product
totally read-only unless the group restrictions are met.
</P
><P
>&#13; For each group, it is possible to specify if membership in that
group is...
</P
><P
></P
><OL
TYPE="1"
><LI
><P
>&#13; required for bug entry,
</P
></LI
><LI
><P
>&#13; Not applicable to this product(NA),
a possible restriction for a member of the
group to place on a bug in this product(Shown),
a default restriction for a member of the
group to place on a bug in this product(Default),
or a mandatory restriction to be placed on bugs
in this product(Mandatory).
</P
></LI
><LI
><P
>&#13; Not applicable by non-members to this product(NA),
a possible restriction for a non-member of the
group to place on a bug in this product(Shown),
a default restriction for a non-member of the
group to place on a bug in this product(Default),
or a mandatory restriction to be placed on bugs
in this product when entered by a non-member(Mandatory).
</P
></LI
><LI
><P
>&#13; required in order to make <EM
>any</EM
> change
to bugs in this product <EM
>including comments.</EM
>
</P
></LI
></OL
><P
>These controls are often described in this order, so a
product that requires a user to be a member of group "foo"
to enter a bug and then requires that the bug stay restricted
to group "foo" at all times and that only members of group "foo"
can edit the bug even if they otherwise could see the bug would
have its controls summarized by...</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>
foo: ENTRY, MANDATORY/MANDATORY, CANEDIT
</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1493"
>3.10.4. Common Applications of Group Controls</A
></H2
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN1495"
>3.10.4.1. General User Access With Security Group</A
></H3
><P
>To permit any user to file bugs in each product (A, B, C...)
and to permit any user to submit those bugs into a security
group....</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>
Product A...
security: SHOWN/SHOWN
Product B...
security: SHOWN/SHOWN
Product C...
security: SHOWN/SHOWN
</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN1499"
>3.10.4.2. General User Access With A Security Product</A
></H3
><P
>To permit any user to file bugs in a Security product
while keeping those bugs from becoming visible to anyone
outside the securityworkers group unless a member of the
securityworkers group removes that restriction....</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>
Product Security...
securityworkers: DEFAULT/MANDATORY
</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN1503"
>3.10.4.3. Product Isolation With Common Group</A
></H3
><P
>To permit users of product A to access the bugs for
product A, users of product B to access product B, and support
staff to access both, 3 groups are needed</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Support: Contains members of the support staff.</P
></LI
><LI
><P
>AccessA: Contains users of product A and the Support group.</P
></LI
><LI
><P
>AccessB: Contains users of product B and the Support group.</P
></LI
></OL
><P
>Once these 3 groups are defined, the products group controls
can be set to..</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;Product A...
AccessA: ENTRY, MANDATORY/MANDATORY
Product B...
AccessB: ENTRY, MANDATORY/MANDATORY
</PRE
></FONT
></TD
></TR
></TABLE
><P
>Optionally, the support group could be permitted to make
bugs inaccessible to the users and could be permitted to publish
bugs relevant to all users in a common product that is read-only
to anyone outside the support group. That configuration could
be...</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;Product A...
AccessA: ENTRY, MANDATORY/MANDATORY
Support: SHOWN/NA
Product B...
AccessB: ENTRY, MANDATORY/MANDATORY
Support: SHOWN/NA
Product Common...
Support: ENTRY, DEFAULT/MANDATORY, CANEDIT
</PRE
></FONT
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="quips.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="upgrading.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Quips</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="administration.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Upgrading to New Releases</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>