/tags/Doduo_1.1/BugsSite/docs/html/groups.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Groups and Group Security</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 2.20.1 
    Release"
HREF="index.html"><LINK
REL="UP"
TITLE="Administering Bugzilla"
HREF="administration.html"><LINK
REL="PREVIOUS"
TITLE="Quips"
HREF="quips.html"><LINK
REL="NEXT"
TITLE="Upgrading to New Releases"
HREF="upgrading.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 2.20.1 
    Release</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="quips.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Administering Bugzilla</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="upgrading.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="groups"
>3.10. Groups and Group Security</A
></H1
><P
>Groups allow the administrator
    to isolate bugs or products that should only be seen by certain people.
    The association between products and groups is controlled from
    the product edit page under <SPAN
CLASS="QUOTE"
>"Edit Group Controls."</SPAN
>
    </P
><P
>&#13;    If the makeproductgroups param is on, a new group will be automatically
    created for every new product. It is primarily available for backward
    compatibility with older sites. 
    </P
><P
>&#13;      Note that group permissions are such that you need to be a member
      of <EM
>all</EM
> the groups a bug is in, for whatever
      reason, to see that bug. Similarly, you must be a member 
      of <EM
>all</EM
> of the entry groups for a product 
      to add bugs to a product and you must be a member 
      of <EM
>all</EM
> of the canedit groups for a product
      in order to make <EM
>any</EM
> change to bugs in that
      product.
    </P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>&#13;        By default, bugs can also be seen by the Assignee, the Reporter, and 
        by everyone on the CC List, regardless of whether or not the bug would 
        typically be viewable by them. Visibility to the Reporter and CC List can 
        be overridden (on a per-bug basis) by bringing up the bug, finding the 
        section that starts with <SPAN
CLASS="QUOTE"
>"Users in the roles selected below..."</SPAN
>
        and un-checking the box next to either 'Reporter' or 'CC List' (or both).
      </P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1438"
>3.10.1. Creating Groups</A
></H2
><P
>To create Groups:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Select the <SPAN
CLASS="QUOTE"
>"groups"</SPAN
>
          link in the footer.</P
></LI
><LI
><P
>Take a moment to understand the instructions on the <SPAN
CLASS="QUOTE"
>"Edit
          Groups"</SPAN
> screen, then select the <SPAN
CLASS="QUOTE"
>"Add Group"</SPAN
> link.</P
></LI
><LI
><P
>Fill out the <SPAN
CLASS="QUOTE"
>"Group"</SPAN
>, <SPAN
CLASS="QUOTE"
>"Description"</SPAN
>, 
           and <SPAN
CLASS="QUOTE"
>"User RegExp"</SPAN
> fields. 
           <SPAN
CLASS="QUOTE"
>"User RegExp"</SPAN
> allows you to automatically
           place all users who fulfill the Regular Expression into the new group. 
           When you have finished, click <SPAN
CLASS="QUOTE"
>"Add"</SPAN
>.</P
><P
>Users whose email addresses match the regular expression
           will automatically be members of the group as long as their 
           email addresses continue to match the regular expression.</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>This is a change from 2.16 where the regular expression
             resulted in a user acquiring permanent membership in a group.
             To remove a user from a group the user was in due to a regular
             expression in version 2.16 or earlier, the user must be explicitly
             removed from the group. This can easily be done by pressing
             buttons named 'Remove Memberships' or 'Remove Memberships
             included in regular expression' under the table.</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>If specifying a domain in the regexp, make sure you end
             the regexp with a $. Otherwise, when granting access to 
             "@mycompany\.com", you will allow access to 
             'badperson@mycompany.com.cracker.net'. You need to use 
             '@mycompany\.com$' as the regexp.</P
></TD
></TR
></TABLE
></DIV
></LI
><LI
><P
>If you plan to use this group to directly control
          access to bugs, check the "use for bugs" box. Groups
          not used for bugs are still useful because other groups
          can include the group as a whole.</P
></LI
><LI
><P
>After you add your new group, edit the new group.  On the
          edit page, you can specify other groups that should be included
          in this group and which groups should be permitted to add and delete
          users from this group.</P
></LI
></OL
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1465"
>3.10.2. Assigning Users to Groups</A
></H2
><P
>Users can become a member of a group in several ways.</P
><P
></P
><OL
TYPE="1"
><LI
><P
>The user can be explicitly placed in the group by editing
          the user's own profile</P
></LI
><LI
><P
>The group can include another group of which the user is
          a member.</P
></LI
><LI
><P
>The user's email address can match a regular expression
          that the group specifies to automatically grant membership to
          the group.</P
></LI
></OL
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1475"
>3.10.3. Assigning Group Controls to Products</A
></H2
><P
>&#13;      On the product edit page, there is a page to edit the 
      <SPAN
CLASS="QUOTE"
>"Group Controls"</SPAN
> 
      for a product. This  allows you to 
      configure how a group relates to the product. 
      Groups may be applicable, default, 
      and mandatory as well as used to control entry 
      or used to make bugs in the product
      totally read-only unless the group restrictions are met. 
      </P
><P
>&#13;      For each group, it is possible to specify if membership in that
      group is...
      </P
><P
></P
><OL
TYPE="1"
><LI
><P
>&#13;          required for bug entry, 
          </P
></LI
><LI
><P
>&#13;          Not applicable to this product(NA),
          a possible restriction for a member of the 
          group to place on a bug in this product(Shown),
          a default restriction for a member of the 
          group to place on a bug in this product(Default),
          or a mandatory restriction to be placed on bugs 
          in this product(Mandatory).
          </P
></LI
><LI
><P
>&#13;          Not applicable by non-members to this product(NA),
          a possible restriction for a non-member of the 
          group to place on a bug in this product(Shown),
          a default restriction for a non-member of the 
          group to place on a bug in this product(Default),
          or a mandatory restriction to be placed on bugs 
          in this product when entered by a non-member(Mandatory).
          </P
></LI
><LI
><P
>&#13;          required in order to make <EM
>any</EM
> change
          to bugs in this product <EM
>including comments.</EM
>
          </P
></LI
></OL
><P
>These controls are often described in this order, so a 
      product that requires a user to be a member of group "foo" 
      to enter a bug and then requires that the bug stay restricted
      to group "foo" at all times and that only members of group "foo"
      can edit the bug even if they otherwise could see the bug would 
      have its controls summarized by...</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
> 
foo: ENTRY, MANDATORY/MANDATORY, CANEDIT
      </PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN1493"
>3.10.4. Common Applications of Group Controls</A
></H2
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN1495"
>3.10.4.1. General User Access With Security Group</A
></H3
><P
>To permit any user to file bugs in each product (A, B, C...) 
      and to permit any user to submit those bugs into a security
      group....</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
> 
Product A...
security: SHOWN/SHOWN
Product B...
security: SHOWN/SHOWN
Product C...
security: SHOWN/SHOWN
      </PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN1499"
>3.10.4.2. General User Access With A Security Product</A
></H3
><P
>To permit any user to file bugs in a Security product
      while keeping those bugs from becoming visible to anyone
      outside the securityworkers group unless a member of the
      securityworkers group removes that restriction....</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
> 
Product Security...
securityworkers: DEFAULT/MANDATORY
      </PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="AEN1503"
>3.10.4.3. Product Isolation With Common Group</A
></H3
><P
>To permit users of product A to access the bugs for
      product A, users of product B to access product B, and support
      staff to access both, 3 groups are needed</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Support: Contains members of the support staff.</P
></LI
><LI
><P
>AccessA: Contains users of product A and the Support group.</P
></LI
><LI
><P
>AccessB: Contains users of product B and the Support group.</P
></LI
></OL
><P
>Once these 3 groups are defined, the products group controls
      can be set to..</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;Product A...
AccessA: ENTRY, MANDATORY/MANDATORY
Product B...
AccessB: ENTRY, MANDATORY/MANDATORY
      </PRE
></FONT
></TD
></TR
></TABLE
><P
>Optionally, the support group could be permitted to make
      bugs inaccessible to the users and could be permitted to publish
      bugs relevant to all users in a common product that is read-only
      to anyone outside the support group. That configuration could
      be...</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13;Product A...
AccessA: ENTRY, MANDATORY/MANDATORY
Support: SHOWN/NA
Product B...
AccessB: ENTRY, MANDATORY/MANDATORY
Support: SHOWN/NA
Product Common...
Support: ENTRY, DEFAULT/MANDATORY, CANEDIT
      </PRE
></FONT
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="quips.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="upgrading.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Quips</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="administration.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Upgrading to New Releases</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>