587 lines
14 KiB
HTML
587 lines
14 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Groups and Group Security</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
|
|
REL="HOME"
|
|
TITLE="The Bugzilla Guide - 3.6.1
|
|
Release"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Administering Bugzilla"
|
|
HREF="administration.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Quips"
|
|
HREF="quips.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Checking and Maintaining Database Integrity"
|
|
HREF="sanitycheck.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>The Bugzilla Guide - 3.6.1
|
|
Release</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="quips.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 3. Administering Bugzilla</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="sanitycheck.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="groups"
|
|
>3.15. Groups and Group Security</A
|
|
></H1
|
|
><P
|
|
> Groups allow for separating bugs into logical divisions.
|
|
Groups are typically used to
|
|
to isolate bugs that should only be seen by certain people. For
|
|
example, a company might create a different group for each one of its customers
|
|
or partners. Group permissions could be set so that each partner or customer would
|
|
only have access to their own bugs. Or, groups might be used to create
|
|
variable access controls for different departments within an organization.
|
|
Another common use of groups is to associate groups with products,
|
|
creating isolation and access control on a per-product basis.
|
|
</P
|
|
><P
|
|
> Groups and group behaviors are controlled in several places:
|
|
</P
|
|
><P
|
|
></P
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
> The group configuration page. To view or edit existing groups, or to
|
|
create new groups, access the "Groups" link from the "Administration"
|
|
page. This section of the manual deals primarily with the aspect of
|
|
group controls accessed on this page.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Global configuration parameters. Bugzilla has several parameters
|
|
that control the overall default group behavior and restriction
|
|
levels. For more information on the parameters that control
|
|
group behavior globally, see <A
|
|
HREF="parameters.html#param-group-security"
|
|
>Section 3.1.9</A
|
|
>.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Product association with groups. Most of the functionality of groups
|
|
and group security is controlled at the product level. Some aspects
|
|
of group access controls for products are discussed in this section,
|
|
but for more detail see <A
|
|
HREF="products.html#product-group-controls"
|
|
>Section 3.4.4</A
|
|
>.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Group access for users. See <A
|
|
HREF="groups.html#users-and-groups"
|
|
>Section 3.15.3</A
|
|
> for
|
|
details on how users are assigned group access.
|
|
</P
|
|
></LI
|
|
></OL
|
|
><P
|
|
> Group permissions are such that if a bug belongs to a group, only members
|
|
of that group can see the bug. If a bug is in more than one group, only
|
|
members of <EM
|
|
>all</EM
|
|
> the groups that the bug is in can see
|
|
the bug. For information on granting read-only access to certain people and
|
|
full edit access to others, see <A
|
|
HREF="products.html#product-group-controls"
|
|
>Section 3.4.4</A
|
|
>.
|
|
</P
|
|
><DIV
|
|
CLASS="note"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="note"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/note.gif"
|
|
HSPACE="5"
|
|
ALT="Note"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> By default, bugs can also be seen by the Assignee, the Reporter, and
|
|
by everyone on the CC List, regardless of whether or not the bug would
|
|
typically be viewable by them. Visibility to the Reporter and CC List can
|
|
be overridden (on a per-bug basis) by bringing up the bug, finding the
|
|
section that starts with <SPAN
|
|
CLASS="QUOTE"
|
|
>"Users in the roles selected below..."</SPAN
|
|
>
|
|
and un-checking the box next to either 'Reporter' or 'CC List' (or both).
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H2
|
|
CLASS="section"
|
|
><A
|
|
NAME="create-groups"
|
|
>3.15.1. Creating Groups</A
|
|
></H2
|
|
><P
|
|
> To create a new group, follow the steps below:
|
|
</P
|
|
><P
|
|
></P
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
> Select the <SPAN
|
|
CLASS="QUOTE"
|
|
>"Administration"</SPAN
|
|
> link in the page footer,
|
|
and then select the <SPAN
|
|
CLASS="QUOTE"
|
|
>"Groups"</SPAN
|
|
> link from the
|
|
Administration page.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> A table of all the existing groups is displayed. Below the table is a
|
|
description of all the fields. To create a new group, select the
|
|
<SPAN
|
|
CLASS="QUOTE"
|
|
>"Add Group"</SPAN
|
|
> link under the table of existing groups.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> There are five fields to fill out. These fields are documented below
|
|
the form. Choose a name and description for the group. Decide whether
|
|
this group should be used for bugs (in all likelihood this should be
|
|
selected). Optionally, choose a regular expression that will
|
|
automatically add any matching users to the group, and choose an
|
|
icon that will help identify user comments for the group. The regular
|
|
expression can be useful, for example, to automatically put all users
|
|
from the same company into one group (if the group is for a specific
|
|
customer or partner).
|
|
</P
|
|
><DIV
|
|
CLASS="note"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="note"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/note.gif"
|
|
HSPACE="5"
|
|
ALT="Note"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> If <SPAN
|
|
CLASS="QUOTE"
|
|
>"User RegExp"</SPAN
|
|
> is filled out, users whose email
|
|
addresses match the regular expression will automatically be
|
|
members of the group as long as their email addresses continue
|
|
to match the regular expression. If their email address changes
|
|
and no longer matches the regular expression, they will be removed
|
|
from the group. Versions 2.16 and older of Bugzilla did not automatically
|
|
remove users who's email addresses no longer matched the RegExp.
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="warning"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="warning"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/warning.gif"
|
|
HSPACE="5"
|
|
ALT="Warning"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> If specifying a domain in the regular expression, end
|
|
the regexp with a "$". Otherwise, when granting access to
|
|
"@mycompany\.com", access will also be granted to
|
|
'badperson@mycompany.com.cracker.net'. Use the syntax,
|
|
'@mycompany\.com$' for the regular expression.
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></LI
|
|
><LI
|
|
><P
|
|
> After the new group is created, it can be edited for additional options.
|
|
The "Edit Group" page allows for specifying other groups that should be included
|
|
in this group and which groups should be permitted to add and delete
|
|
users from this group. For more details, see <A
|
|
HREF="groups.html#edit-groups"
|
|
>Section 3.15.2</A
|
|
>.
|
|
</P
|
|
></LI
|
|
></OL
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H2
|
|
CLASS="section"
|
|
><A
|
|
NAME="edit-groups"
|
|
>3.15.2. Editing Groups and Assigning Group Permissions</A
|
|
></H2
|
|
><P
|
|
> To access the "Edit Groups" page, select the
|
|
<SPAN
|
|
CLASS="QUOTE"
|
|
>"Administration"</SPAN
|
|
> link in the page footer,
|
|
and then select the <SPAN
|
|
CLASS="QUOTE"
|
|
>"Groups"</SPAN
|
|
> link from the Administration page.
|
|
A table of all the existing groups is displayed. Click on a group name
|
|
you wish to edit or control permissions for.
|
|
</P
|
|
><P
|
|
> The "Edit Groups" page contains the same five fields present when
|
|
creating a new group. Below that are two additional sections, "Group
|
|
Permissions," and "Mass Remove". The "Mass Remove" option simply removes
|
|
all users from the group who match the regular expression entered. The
|
|
"Group Permissions" section requires further explanation.
|
|
</P
|
|
><P
|
|
> The "Group Permissions" section on the "Edit Groups" page contains four sets
|
|
of permissions that control the relationship of this group to other
|
|
groups. If the 'usevisibilitygroups' parameter is in use (see
|
|
<A
|
|
HREF="parameters.html"
|
|
>Section 3.1</A
|
|
>) two additional sets of permissions are displayed.
|
|
Each set consists of two select boxes. On the left, a select box
|
|
with a list of all existing groups. On the right, a select box listing
|
|
all groups currently selected for this permission setting (this box will
|
|
be empty for new groups). The way these controls allow groups to relate
|
|
to one another is called <EM
|
|
>inheritance</EM
|
|
>.
|
|
Each of the six permissions is described below.
|
|
</P
|
|
><P
|
|
></P
|
|
><DIV
|
|
CLASS="variablelist"
|
|
><DL
|
|
><DT
|
|
><EM
|
|
>Groups That Are a Member of This Group</EM
|
|
></DT
|
|
><DD
|
|
><P
|
|
>
|
|
Members of any groups selected here will automatically have
|
|
membership in this group. In other words, members of any selected
|
|
group will inherit membership in this group.
|
|
</P
|
|
></DD
|
|
><DT
|
|
><EM
|
|
>Groups That This Group Is a Member Of</EM
|
|
></DT
|
|
><DD
|
|
><P
|
|
> Members of this group will inherit membership to any group
|
|
selected here. For example, suppose the group being edited is
|
|
an Admin group. If there are two products (Product1 and Product2)
|
|
and each product has its
|
|
own group (Group1 and Group2), and the Admin group
|
|
should have access to both products,
|
|
simply select both Group1 and Group2 here.
|
|
</P
|
|
></DD
|
|
><DT
|
|
><EM
|
|
>Groups That Can Grant Membership in This Group</EM
|
|
></DT
|
|
><DD
|
|
><P
|
|
> The members of any group selected here will be able add users
|
|
to this group, even if they themselves are not in this group.
|
|
</P
|
|
></DD
|
|
><DT
|
|
><EM
|
|
>Groups That This Group Can Grant Membership In</EM
|
|
></DT
|
|
><DD
|
|
><P
|
|
> Members of this group can add users to any group selected here,
|
|
even if they themselves are not in the selected groups.
|
|
</P
|
|
></DD
|
|
><DT
|
|
><EM
|
|
>Groups That Can See This Group</EM
|
|
></DT
|
|
><DD
|
|
><P
|
|
> Members of any selected group can see the users in this group.
|
|
This setting is only visible if the 'usevisibilitygroups' parameter
|
|
is enabled on the Bugzilla Configuration page. See
|
|
<A
|
|
HREF="parameters.html"
|
|
>Section 3.1</A
|
|
> for information on configuring Bugzilla.
|
|
</P
|
|
></DD
|
|
><DT
|
|
><EM
|
|
>Groups That This Group Can See</EM
|
|
></DT
|
|
><DD
|
|
><P
|
|
> Members of this group can see members in any of the selected groups.
|
|
This setting is only visible if the 'usevisibilitygroups' parameter
|
|
is enabled on the the Bugzilla Configuration page. See
|
|
<A
|
|
HREF="parameters.html"
|
|
>Section 3.1</A
|
|
> for information on configuring Bugzilla.
|
|
</P
|
|
></DD
|
|
></DL
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H2
|
|
CLASS="section"
|
|
><A
|
|
NAME="users-and-groups"
|
|
>3.15.3. Assigning Users to Groups</A
|
|
></H2
|
|
><P
|
|
> A User can become a member of a group in several ways:
|
|
</P
|
|
><P
|
|
></P
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
> The user can be explicitly placed in the group by editing
|
|
the user's profile. This can be done by accessing the "Users" page
|
|
from the "Administration" page. Use the search form to find the user
|
|
you want to edit group membership for, and click on their email
|
|
address in the search results to edit their profile. The profile
|
|
page lists all the groups, and indicates if the user is a member of
|
|
the group either directly or indirectly. More information on indirect
|
|
group membership is below. For more details on User administration,
|
|
see <A
|
|
HREF="useradmin.html"
|
|
>Section 3.2</A
|
|
>.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> The group can include another group of which the user is
|
|
a member. This is indicated by square brackets around the checkbox
|
|
next to the group name in the user's profile.
|
|
See <A
|
|
HREF="groups.html#edit-groups"
|
|
>Section 3.15.2</A
|
|
> for details on group inheritance.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> The user's email address can match the regular expression
|
|
that has been specified to automatically grant membership to
|
|
the group. This is indicated by "*" around the check box by the
|
|
group name in the user's profile.
|
|
See <A
|
|
HREF="groups.html#create-groups"
|
|
>Section 3.15.1</A
|
|
> for details on
|
|
the regular expression option when creating groups.
|
|
</P
|
|
></LI
|
|
></OL
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H2
|
|
CLASS="section"
|
|
><A
|
|
NAME="AEN2166"
|
|
>3.15.4. Assigning Group Controls to Products</A
|
|
></H2
|
|
><P
|
|
> The primary functionality of groups is derived from the relationship of
|
|
groups to products. The concepts around segregating access to bugs with
|
|
product group controls can be confusing. For details and examples on this
|
|
topic, see <A
|
|
HREF="products.html#product-group-controls"
|
|
>Section 3.4.4</A
|
|
>.
|
|
</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="quips.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="sanitycheck.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Quips</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="administration.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Checking and Maintaining Database Integrity</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |