Cloud repository access

[Francois Bertrand]

Hi! I created a new group to which I want to give access to a repository, instead of the default "Developers". I can successfully add the group in the GUI, but by default it has access to everything except "advancedquery" (which is neither allowed or denied).

When I try to change any other values (I am trying to match the old "Developers" permissions as I guess this is what I want to be doing?), I get a warning:

"Permissions can be overridden to bypass inheritance. Mark as overridden then set the new value"

This doesn't seem to make any sense as:

• the group I created (in the cloud dashboard) is not "inheriting" from anything
• I'm not sure why these permissions are the default (everything except "advancedquery" doesn't seem to be a set of permissions from any existing group or user)
• I'm not sure what happens if a permission is NEITHER allowed or disallowed

Thank you for any assistance! All I am trying to do is have a bunch of "Developer"-like access but only to certain repositories.

[calbzam]

HI,

The Plastic SCM server has different level permissions that inherit between them: https://www.plasticscm.com/documentation/security/plastic-scm-version-control-security-guide

- You can configure permissions at the Plastic server level. Then, at the repository level, you can apply new permissions or overwrite the permissions inherited from the server level.

- When you edit the repo permissions, these "default" repo permissions you are seeing are inherited from the server permissions level.

- If a permissions is neither allowed nor denied, you won't be allowed. But this is sometimes useful when you don't want to set any permissions in the server level so they are not inherited to the repo level.

Our guide has some real scenarios you can check and we are open to connect with you to assist with the permissions configuration: support@codicdesoftware.com

https://www.plasticscm.com/documentation/security/plastic-scm-version-control-security-guide

Regards,

Carlos.

 

[Francois Bertrand]

Hello Carlos, thank you for the details. Unfortunately, we are having trouble doing a relatively simple task and I think it might benefit to discuss here. Our situation feels pretty typical and is as follows:

• We initially created a few repositories without touching access since we only had one team so we have "administrators" and "developers"
• We would like to only give access to some of the developers to one of the repositories, let's call it "Project X"

So, we created a new group called "Project X Devs" and assigned the right people and ran into a few issues:

• User experience feedback: 
  •  We added "Project X Devs" to our Project X repository, however we had to manually compare it to the default "Developers", and painstakingly go through each checkbox, click "override" and then set the right value. This felt very clumsy and unintuitive.
• Then, we ran into this issue: we cannot remove "Developers" from that repository because it is telling us "Cannot remove an inherited entry". So the repository seems to be stuck with "Developers" (?)

Thank you again for any assistance!

 

[calbzam]

Hi,

I think we could arrange a meeting to help you with the permissions configuration. You can reach us at support@codicesoftware.com:

Quote

 We added "Project X Devs" to our Project X repository, however we had to manually compare it to the default "Developers", and painstakingly go through each checkbox, click "override" and then set the right value. This felt very clumsy and unintuitive.

If you neither allow the pemrissions at the server level, you won't need to overwrite any permission. You will be able to assign the permissions at the repo level.

Quote

Then, we ran into this issue: we cannot remove "Developers" from that repository because it is telling us "Cannot remove an inherited entry". So the repository seems to be stuck with "Developers" (?)

You cannot remove an inherited entry. You need to open the server permissions (not repo but server permissions) and remove the group at this level. This way, it won't be inheritted to the below permission levels.

Regards,

Carlos.