Jump to content
Francois Bertrand

Cloud repository access

Recommended Posts

Hi! I created a new group to which I want to give access to a repository, instead of the default "Developers". I can successfully add the group in the GUI, but by default it has access to everything except "advancedquery" (which is neither allowed or denied).

When I try to change any other values (I am trying to match the old "Developers" permissions as I guess this is what I want to be doing?), I get a warning:

"Permissions can be overridden to bypass inheritance. Mark as overridden then set the new value"

This doesn't seem to make any sense as:

  • the group I created (in the cloud dashboard) is not "inheriting" from anything
  • I'm not sure why these permissions are the default (everything except "advancedquery" doesn't seem to be a set of permissions from any existing group or user)
  • I'm not sure what happens if a permission is NEITHER allowed or disallowed

Thank you for any assistance! All I am trying to do is have a bunch of "Developer"-like access but only to certain repositories.

Share this post


Link to post
Share on other sites

HI,

The Plastic SCM server has different level permissions that inherit between them: https://www.plasticscm.com/documentation/security/plastic-scm-version-control-security-guide

- You can configure permissions at the Plastic server level. Then, at the repository level, you can apply new permissions or overwrite the permissions inherited from the server level.

- When you edit the repo permissions, these "default" repo permissions you are seeing are inherited from the server permissions level.

- If a permissions is neither allowed nor denied, you won't be allowed. But this is sometimes useful when you don't want to set any permissions in the server level so they are not inherited to the repo level.

Our guide has some real scenarios you can check and we are open to connect with you to assist with the permissions configuration: support@codicdesoftware.com

https://www.plasticscm.com/documentation/security/plastic-scm-version-control-security-guide

Regards,

Carlos.

 

Share this post


Link to post
Share on other sites

Hello Carlos, thank you for the details. Unfortunately, we are having trouble doing a relatively simple task and I think it might benefit to discuss here. Our situation feels pretty typical and is as follows:

  • We initially created a few repositories without touching access since we only had one team so we have "administrators" and "developers"
  • We would like to only give access to some of the developers to one of the repositories, let's call it "Project X"

So, we created a new group called "Project X Devs" and assigned the right people and ran into a few issues:

  • User experience feedback
    •  We added "Project X Devs" to our Project X repository, however we had to manually compare it to the default "Developers", and painstakingly go through each checkbox, click "override" and then set the right value. This felt very clumsy and unintuitive.
  • Then, we ran into this issue: we cannot remove "Developers" from that repository because it is telling us "Cannot remove an inherited entry". So the repository seems to be stuck with "Developers" (?)

Thank you again for any assistance!

 

Share this post


Link to post
Share on other sites

Hi,

I think we could arrange a meeting to help you with the permissions configuration. You can reach us at support@codicesoftware.com:

Quote

 We added "Project X Devs" to our Project X repository, however we had to manually compare it to the default "Developers", and painstakingly go through each checkbox, click "override" and then set the right value. This felt very clumsy and unintuitive.

If you neither allow the pemrissions at the server level, you won't need to overwrite any permission. You will be able to assign the permissions at the repo level.

Quote

Then, we ran into this issue: we cannot remove "Developers" from that repository because it is telling us "Cannot remove an inherited entry". So the repository seems to be stuck with "Developers" (?)

You cannot remove an inherited entry. You need to open the server permissions (not repo but server permissions) and remove the group at this level. This way, it won't be inheritted to the below permission levels.

Regards,

Carlos.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...