Security Settings Examples

[Beth]

Table of Contents
(articles are not in the same order as the index, use the links)

Please note that some of the examples use older screenshots and are only updated when something has changed. Despite a color change, the UI works the same.

Examples without Groups

• Ensuring Repository Access

Examples with Groups

• Folder Security example where the default access is deny.
  
  Folder Security where users have repository access but default to read-only.
  
  Creating a group that can administrate a repository
  
  Shared Administration

Work Item Tracking Security (Vault Professional Only)

• Work Item Tracking Security

[Beth]

Folder Security example where the default access is deny.

1) Select Default Repository and ensure No Access is the default setting.

fig1.JPG (63.94 KiB) Viewed 65874 times

2) Under the repository, click on Groups and create a new group.

fig2.JPG (45.77 KiB) Viewed 65874 times

3) Assign the group to have repository access.

fig3.JPG (25.92 KiB) Viewed 65874 times

4) You will then notice that the rights for the users in the group changed to match the group rights.

fig4.JPG (12.75 KiB) Viewed 65874 times

5) On the Folder Security page, the users that have access have listed their defaults based upon their repository access that came from the group.

fig5.JPG (45.72 KiB) Viewed 65874 times

6) Since we want these users to only access 2 particular folders, Folder1 and Folder4, we will deny them access at $ using the group.

fig6.JPG (42.28 KiB) Viewed 65874 times

7) Notice farther down that the subfolders show where the rights were inherited from.

fig7.JPG (41.38 KiB) Viewed 65874 times

8_) At Folder1 we edit the group rights.

fig8.JPG (43.34 KiB) Viewed 65874 times

9) At Folder4 we edit the group rights.

fig9.JPG (42.19 KiB) Viewed 65874 times

10) Now when we look at the repository, we see that the user only has access to Folder1 and Folder4. It looks like the user has more access, because there is another folder, but that is actually a share. A user gets rights to both sides of a share. There are other files and folders under the Branches folder that the user doesn’t see because access has only been allowed to Folder1.

fig10.JPG (17.78 KiB) Viewed 65874 times

[Beth]

Folder Security where users have repository access but default to read-only.

***In this example, all users have their defaults set to repository access and read-only.

1) Repository default access is set at the repository in the admin web page.

fig1.JPG (61.8 KiB) Viewed 65874 times

2) When adding a user, set the default rights to Read.

fig2.JPG (36.52 KiB) Viewed 65874 times

3) A group only has the default settings of Access or No Access to a repository.

fig3.JPG (35.1 KiB) Viewed 65874 times

4) Further group rights can be defined in Folder Security. In this case, we will give RCA rights to the group at $. Notice, the users are not yet affected. None have been added to the group.

fig4.JPG (52.03 KiB) Viewed 65874 times

5) Now we will add user1 to the group and user1’s rights will reflect the group and have full RCA rights to all repository folders.

fig5.JPG (43.69 KiB) Viewed 65874 times

6) We will create a second group and that will be for users who should only have RCA rights to Folder4 and Folder5.

fig6.JPG (20.27 KiB) Viewed 65874 times

7) I set the group to have access to the repository, but then no access at $.

fig7.JPG (54.7 KiB) Viewed 65874 times

8_) At Folder4 and Folder5 I gave the group RCA rights. Those rights are now reflected by user2 and user3.

fig8.JPG (53.35 KiB) Viewed 65874 times

[Beth]

Ensuring Repository Access

1) When creating a new user, check their default security rights.

fig1.JPG (29.92 KiB) Viewed 65874 times

2) Go to the repository the user needs access to, and check what the repository default is as well as what rights the user is showing.

fig2.JPG (35.84 KiB) Viewed 65874 times

3) If the user has access, but doesn’t see anything, then check to see if Folder Security is turned on. That is found in the initial repository settings.

fig3.JPG (21.61 KiB) Viewed 65874 times

4) If folder security is turned on, then go to the folder security link to troubleshoot the settings at root or areas below root.

fig4.JPG (24.46 KiB) Viewed 65874 times

[Beth]

Creating a group that can administrate a repository

1) Expand the repository you would like the group to have administrative rights to. Click on Groups. Click Add on the right side to add a new group.

fig1.JPG (16.02 KiB) Viewed 65874 times

2) Give the group a name and add which users you want to be in that group. Click Save.

fig2.JPG (40.08 KiB) Viewed 65874 times

3) On the left, click on Repository Access. Under Groups on the right, select the group, give it Full Admin rights, and click Assign.

fig3.JPG (25.02 KiB) Viewed 65874 times

4) On the same Repository Access page, if you look down to individual users, you will see the person assigned will inherit the rights.

fig4.JPG (11.39 KiB) Viewed 65874 times

When the user that belongs to the new group logs in, they will see they can perform administrative tasks only on the repository they were given rights to.

[Beth]

Shared Administration

When you add a new group under a repository or a project, you may notice towards the bottom that there is a section called Shared Administration and a list of the repositories. What this section does is allow administrators from other repositories or projects, who are not Global Administrators, edit the repository for which you are creating the new group. If a user was already a Global Administrator, then that user already has rights to modify any administrative setting.

The setting "Admins can use this group" allows admins of the listed repository to also edit the security settings on this repository or project.

The setting "Admins can use and modify this group" allows admins of the listed repository to not only change the security, but to also change settings of the group you are creating.

For example, if I created a new group for my Initial Repository, and I want admins of C Code to be able to edit this group and security as well, I would click the drop down for C Code and select "Admins can use and modify this group."

[Beth]

Work Item Tracking Security


Admins can create multiple work item projects and change the security for each one.

1) After a project is created, an administrator needs to go to Project Access in the Vault admin web page.

ProjectAcces.JPG (58.49 KiB) Viewed 58704 times

2) Scroll down to see the users that can have rights. There a user can be given Read Only, Modify, or Full Admin rights to the project. This applies to work items.

project user rights.JPG (21.18 KiB) Viewed 58704 times

3) If in a project there needs to be a division of work items all users can see and work items users can't see, then one can turn on the Public/Private option. These items aren't public to non-Vault users, but can be seen by all users. Private items are only seen by those allowed to see both Public and Private items.

Remember to click Save after turning on public items.

set public.JPG (60.56 KiB) Viewed 58704 times

4) The easiest way to give users rights to private items is to create a Group.

public private group.JPG (65.62 KiB) Viewed 58704 times

5) When users add work items, they will mark the items as public if they want all Vault users who have access to that project to see that work item.

make public.JPG (44.73 KiB) Viewed 58704 times