| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <HTML |
| ><HEAD |
| ><TITLE |
| >Groups and Group Security</TITLE |
| ><META |
| NAME="GENERATOR" |
| CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK |
| REL="HOME" |
| TITLE="The Bugzilla Guide - 2.20.1 |
| Release" |
| HREF="index.html"><LINK |
| REL="UP" |
| TITLE="Administering Bugzilla" |
| HREF="administration.html"><LINK |
| REL="PREVIOUS" |
| TITLE="Quips" |
| HREF="quips.html"><LINK |
| REL="NEXT" |
| TITLE="Upgrading to New Releases" |
| HREF="upgrading.html"></HEAD |
| ><BODY |
| CLASS="section" |
| BGCOLOR="#FFFFFF" |
| TEXT="#000000" |
| LINK="#0000FF" |
| VLINK="#840084" |
| ALINK="#0000FF" |
| ><DIV |
| CLASS="NAVHEADER" |
| ><TABLE |
| SUMMARY="Header navigation table" |
| WIDTH="100%" |
| BORDER="0" |
| CELLPADDING="0" |
| CELLSPACING="0" |
| ><TR |
| ><TH |
| COLSPAN="3" |
| ALIGN="center" |
| >The Bugzilla Guide - 2.20.1 |
| Release</TH |
| ></TR |
| ><TR |
| ><TD |
| WIDTH="10%" |
| ALIGN="left" |
| VALIGN="bottom" |
| ><A |
| HREF="quips.html" |
| ACCESSKEY="P" |
| >Prev</A |
| ></TD |
| ><TD |
| WIDTH="80%" |
| ALIGN="center" |
| VALIGN="bottom" |
| >Chapter 3. Administering Bugzilla</TD |
| ><TD |
| WIDTH="10%" |
| ALIGN="right" |
| VALIGN="bottom" |
| ><A |
| HREF="upgrading.html" |
| ACCESSKEY="N" |
| >Next</A |
| ></TD |
| ></TR |
| ></TABLE |
| ><HR |
| ALIGN="LEFT" |
| WIDTH="100%"></DIV |
| ><DIV |
| CLASS="section" |
| ><H1 |
| CLASS="section" |
| ><A |
| NAME="groups" |
| >3.10. Groups and Group Security</A |
| ></H1 |
| ><P |
| >Groups allow the administrator |
| to isolate bugs or products that should only be seen by certain people. |
| The association between products and groups is controlled from |
| the product edit page under <SPAN |
| CLASS="QUOTE" |
| >"Edit Group Controls."</SPAN |
| > |
| </P |
| ><P |
| > If the makeproductgroups param is on, a new group will be automatically |
| created for every new product. It is primarily available for backward |
| compatibility with older sites. |
| </P |
| ><P |
| > Note that group permissions are such that you need to be a member |
| of <EM |
| >all</EM |
| > the groups a bug is in, for whatever |
| reason, to see that bug. Similarly, you must be a member |
| of <EM |
| >all</EM |
| > of the entry groups for a product |
| to add bugs to a product and you must be a member |
| of <EM |
| >all</EM |
| > of the canedit groups for a product |
| in order to make <EM |
| >any</EM |
| > change to bugs in that |
| product. |
| </P |
| ><DIV |
| CLASS="note" |
| ><P |
| ></P |
| ><TABLE |
| CLASS="note" |
| WIDTH="100%" |
| BORDER="0" |
| ><TR |
| ><TD |
| WIDTH="25" |
| ALIGN="CENTER" |
| VALIGN="TOP" |
| ><IMG |
| SRC="../images/note.gif" |
| HSPACE="5" |
| ALT="Note"></TD |
| ><TD |
| ALIGN="LEFT" |
| VALIGN="TOP" |
| ><P |
| > By default, bugs can also be seen by the Assignee, the Reporter, and |
| by everyone on the CC List, regardless of whether or not the bug would |
| typically be viewable by them. Visibility to the Reporter and CC List can |
| be overridden (on a per-bug basis) by bringing up the bug, finding the |
| section that starts with <SPAN |
| CLASS="QUOTE" |
| >"Users in the roles selected below..."</SPAN |
| > |
| and un-checking the box next to either 'Reporter' or 'CC List' (or both). |
| </P |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="AEN1438" |
| >3.10.1. Creating Groups</A |
| ></H2 |
| ><P |
| >To create Groups:</P |
| ><P |
| ></P |
| ><OL |
| TYPE="1" |
| ><LI |
| ><P |
| >Select the <SPAN |
| CLASS="QUOTE" |
| >"groups"</SPAN |
| > |
| link in the footer.</P |
| ></LI |
| ><LI |
| ><P |
| >Take a moment to understand the instructions on the <SPAN |
| CLASS="QUOTE" |
| >"Edit |
| Groups"</SPAN |
| > screen, then select the <SPAN |
| CLASS="QUOTE" |
| >"Add Group"</SPAN |
| > link.</P |
| ></LI |
| ><LI |
| ><P |
| >Fill out the <SPAN |
| CLASS="QUOTE" |
| >"Group"</SPAN |
| >, <SPAN |
| CLASS="QUOTE" |
| >"Description"</SPAN |
| >, |
| and <SPAN |
| CLASS="QUOTE" |
| >"User RegExp"</SPAN |
| > fields. |
| <SPAN |
| CLASS="QUOTE" |
| >"User RegExp"</SPAN |
| > allows you to automatically |
| place all users who fulfill the Regular Expression into the new group. |
| When you have finished, click <SPAN |
| CLASS="QUOTE" |
| >"Add"</SPAN |
| >.</P |
| ><P |
| >Users whose email addresses match the regular expression |
| will automatically be members of the group as long as their |
| email addresses continue to match the regular expression.</P |
| ><DIV |
| CLASS="note" |
| ><P |
| ></P |
| ><TABLE |
| CLASS="note" |
| WIDTH="100%" |
| BORDER="0" |
| ><TR |
| ><TD |
| WIDTH="25" |
| ALIGN="CENTER" |
| VALIGN="TOP" |
| ><IMG |
| SRC="../images/note.gif" |
| HSPACE="5" |
| ALT="Note"></TD |
| ><TD |
| ALIGN="LEFT" |
| VALIGN="TOP" |
| ><P |
| >This is a change from 2.16 where the regular expression |
| resulted in a user acquiring permanent membership in a group. |
| To remove a user from a group the user was in due to a regular |
| expression in version 2.16 or earlier, the user must be explicitly |
| removed from the group. This can easily be done by pressing |
| buttons named 'Remove Memberships' or 'Remove Memberships |
| included in regular expression' under the table.</P |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ><DIV |
| CLASS="warning" |
| ><P |
| ></P |
| ><TABLE |
| CLASS="warning" |
| WIDTH="100%" |
| BORDER="0" |
| ><TR |
| ><TD |
| WIDTH="25" |
| ALIGN="CENTER" |
| VALIGN="TOP" |
| ><IMG |
| SRC="../images/warning.gif" |
| HSPACE="5" |
| ALT="Warning"></TD |
| ><TD |
| ALIGN="LEFT" |
| VALIGN="TOP" |
| ><P |
| >If specifying a domain in the regexp, make sure you end |
| the regexp with a $. Otherwise, when granting access to |
| "@mycompany\.com", you will allow access to |
| 'badperson@mycompany.com.cracker.net'. You need to use |
| '@mycompany\.com$' as the regexp.</P |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ></LI |
| ><LI |
| ><P |
| >If you plan to use this group to directly control |
| access to bugs, check the "use for bugs" box. Groups |
| not used for bugs are still useful because other groups |
| can include the group as a whole.</P |
| ></LI |
| ><LI |
| ><P |
| >After you add your new group, edit the new group. On the |
| edit page, you can specify other groups that should be included |
| in this group and which groups should be permitted to add and delete |
| users from this group.</P |
| ></LI |
| ></OL |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="AEN1465" |
| >3.10.2. Assigning Users to Groups</A |
| ></H2 |
| ><P |
| >Users can become a member of a group in several ways.</P |
| ><P |
| ></P |
| ><OL |
| TYPE="1" |
| ><LI |
| ><P |
| >The user can be explicitly placed in the group by editing |
| the user's own profile</P |
| ></LI |
| ><LI |
| ><P |
| >The group can include another group of which the user is |
| a member.</P |
| ></LI |
| ><LI |
| ><P |
| >The user's email address can match a regular expression |
| that the group specifies to automatically grant membership to |
| the group.</P |
| ></LI |
| ></OL |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="AEN1475" |
| >3.10.3. Assigning Group Controls to Products</A |
| ></H2 |
| ><P |
| > On the product edit page, there is a page to edit the |
| <SPAN |
| CLASS="QUOTE" |
| >"Group Controls"</SPAN |
| > |
| for a product. This allows you to |
| configure how a group relates to the product. |
| Groups may be applicable, default, |
| and mandatory as well as used to control entry |
| or used to make bugs in the product |
| totally read-only unless the group restrictions are met. |
| </P |
| ><P |
| > For each group, it is possible to specify if membership in that |
| group is... |
| </P |
| ><P |
| ></P |
| ><OL |
| TYPE="1" |
| ><LI |
| ><P |
| > required for bug entry, |
| </P |
| ></LI |
| ><LI |
| ><P |
| > Not applicable to this product(NA), |
| a possible restriction for a member of the |
| group to place on a bug in this product(Shown), |
| a default restriction for a member of the |
| group to place on a bug in this product(Default), |
| or a mandatory restriction to be placed on bugs |
| in this product(Mandatory). |
| </P |
| ></LI |
| ><LI |
| ><P |
| > Not applicable by non-members to this product(NA), |
| a possible restriction for a non-member of the |
| group to place on a bug in this product(Shown), |
| a default restriction for a non-member of the |
| group to place on a bug in this product(Default), |
| or a mandatory restriction to be placed on bugs |
| in this product when entered by a non-member(Mandatory). |
| </P |
| ></LI |
| ><LI |
| ><P |
| > required in order to make <EM |
| >any</EM |
| > change |
| to bugs in this product <EM |
| >including comments.</EM |
| > |
| </P |
| ></LI |
| ></OL |
| ><P |
| >These controls are often described in this order, so a |
| product that requires a user to be a member of group "foo" |
| to enter a bug and then requires that the bug stay restricted |
| to group "foo" at all times and that only members of group "foo" |
| can edit the bug even if they otherwise could see the bug would |
| have its controls summarized by...</P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="programlisting" |
| > |
| foo: ENTRY, MANDATORY/MANDATORY, CANEDIT |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="AEN1493" |
| >3.10.4. Common Applications of Group Controls</A |
| ></H2 |
| ><DIV |
| CLASS="section" |
| ><H3 |
| CLASS="section" |
| ><A |
| NAME="AEN1495" |
| >3.10.4.1. General User Access With Security Group</A |
| ></H3 |
| ><P |
| >To permit any user to file bugs in each product (A, B, C...) |
| and to permit any user to submit those bugs into a security |
| group....</P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="programlisting" |
| > |
| Product A... |
| security: SHOWN/SHOWN |
| Product B... |
| security: SHOWN/SHOWN |
| Product C... |
| security: SHOWN/SHOWN |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H3 |
| CLASS="section" |
| ><A |
| NAME="AEN1499" |
| >3.10.4.2. General User Access With A Security Product</A |
| ></H3 |
| ><P |
| >To permit any user to file bugs in a Security product |
| while keeping those bugs from becoming visible to anyone |
| outside the securityworkers group unless a member of the |
| securityworkers group removes that restriction....</P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="programlisting" |
| > |
| Product Security... |
| securityworkers: DEFAULT/MANDATORY |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H3 |
| CLASS="section" |
| ><A |
| NAME="AEN1503" |
| >3.10.4.3. Product Isolation With Common Group</A |
| ></H3 |
| ><P |
| >To permit users of product A to access the bugs for |
| product A, users of product B to access product B, and support |
| staff to access both, 3 groups are needed</P |
| ><P |
| ></P |
| ><OL |
| TYPE="1" |
| ><LI |
| ><P |
| >Support: Contains members of the support staff.</P |
| ></LI |
| ><LI |
| ><P |
| >AccessA: Contains users of product A and the Support group.</P |
| ></LI |
| ><LI |
| ><P |
| >AccessB: Contains users of product B and the Support group.</P |
| ></LI |
| ></OL |
| ><P |
| >Once these 3 groups are defined, the products group controls |
| can be set to..</P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="programlisting" |
| > Product A... |
| AccessA: ENTRY, MANDATORY/MANDATORY |
| Product B... |
| AccessB: ENTRY, MANDATORY/MANDATORY |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ><P |
| >Optionally, the support group could be permitted to make |
| bugs inaccessible to the users and could be permitted to publish |
| bugs relevant to all users in a common product that is read-only |
| to anyone outside the support group. That configuration could |
| be...</P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="programlisting" |
| > Product A... |
| AccessA: ENTRY, MANDATORY/MANDATORY |
| Support: SHOWN/NA |
| Product B... |
| AccessB: ENTRY, MANDATORY/MANDATORY |
| Support: SHOWN/NA |
| Product Common... |
| Support: ENTRY, DEFAULT/MANDATORY, CANEDIT |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ></DIV |
| ></DIV |
| ><DIV |
| CLASS="NAVFOOTER" |
| ><HR |
| ALIGN="LEFT" |
| WIDTH="100%"><TABLE |
| SUMMARY="Footer navigation table" |
| WIDTH="100%" |
| BORDER="0" |
| CELLPADDING="0" |
| CELLSPACING="0" |
| ><TR |
| ><TD |
| WIDTH="33%" |
| ALIGN="left" |
| VALIGN="top" |
| ><A |
| HREF="quips.html" |
| ACCESSKEY="P" |
| >Prev</A |
| ></TD |
| ><TD |
| WIDTH="34%" |
| ALIGN="center" |
| VALIGN="top" |
| ><A |
| HREF="index.html" |
| ACCESSKEY="H" |
| >Home</A |
| ></TD |
| ><TD |
| WIDTH="33%" |
| ALIGN="right" |
| VALIGN="top" |
| ><A |
| HREF="upgrading.html" |
| ACCESSKEY="N" |
| >Next</A |
| ></TD |
| ></TR |
| ><TR |
| ><TD |
| WIDTH="33%" |
| ALIGN="left" |
| VALIGN="top" |
| >Quips</TD |
| ><TD |
| WIDTH="34%" |
| ALIGN="center" |
| VALIGN="top" |
| ><A |
| HREF="administration.html" |
| ACCESSKEY="U" |
| >Up</A |
| ></TD |
| ><TD |
| WIDTH="33%" |
| ALIGN="right" |
| VALIGN="top" |
| >Upgrading to New Releases</TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ></BODY |
| ></HTML |
| > |