astanid Posted April 20, 2022 Report Share Posted April 20, 2022 When i try to add user - it's only possible for the whole cloud (like Studio_org)in this case that new user will have access to all of my projects? What should i do to add him to one specific project ? 1 Link to comment Share on other sites More sharing options...
erzherzog13 Posted April 29, 2022 Report Share Posted April 29, 2022 Yes this is a serious issue. edit: I use PlasticSCM in Unity and by adding a developer to one project, he instantly got access to all my projects. 1 Link to comment Share on other sites More sharing options...
ollieblanks Posted May 9, 2022 Report Share Posted May 9, 2022 Sorry for the delay! Adding the user to the Organization will grant them access to the everything by default. If you want to configure more granular permissions then you will need to set these within the client. Please see our Security Guide for more information and scenarios for setting up permissions. Hope this helps! Link to comment Share on other sites More sharing options...
Marc S Posted May 20, 2022 Report Share Posted May 20, 2022 On 5/9/2022 at 11:00 AM, ollieblanks said: Adding the user to the Organization will grant them access to the everything by default. That's the issue. There is a time gap between adding a new user and setting up their access rights. If you're interrupted or made a mistake, that user will have access to confidential information and you might never be aware of it. I'd rather have users ask for a permission I forgot to grant than users who can snoop in my data because I forgot something. For people dealing with projects under NDA, even seeing projects names can be a security breach. One solution to this is to create a new cloud for every project. This way, new users can't see anything else since they're only on one cloud. But to my knowledge, that's not possible from one account. And, more importantly, it could go against Plastic terms and conditions. I could have 60 teams of < 3 people all working on <5GB repos and never pay anything. I'm sure PlasticSCM's lawyers thought about it and that it could result in me being blaklisted. That said, if billing takes that into account, it might be an easy solution to this problem. Link to comment Share on other sites More sharing options...
ollieblanks Posted May 27, 2022 Report Share Posted May 27, 2022 Hey @Marc S, Once you have removed the access to ALL USERS and have set up access rights to your repositories, then new users will not be able to view the data by default. What I meant by my last comment is that the initial permissions need to be set up first. (Sorry, after re-reading my previous comment, I can see it is unclear ) Hope that helps! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now