Visual Studio Online Permission Management - user-permissions

We have recently moved to Visual Studio Online. In there we have multiple projects. There are many people in different roles in our team.
The last thing that challenged me was about access rights for certain things in VSO.
Here is the scenario for Employee "E1".
"E1" should be able to contribute to project "P1". It should be able to see the changesets and make changes in the code. And it should also be able to see/modify/delete all WorkItems in the "P1" project.
"E1" should be able to see project "P2"'s changesets and workitems, but E1 should not be able to modify workitems or source code in "P2".
"E1" should be able to access "P3", but only for WorkItems with read-only access.
"E1" should be able to access "P4" to manage WorkItems with read-write access. It should not see Changesets.
Can I set up E1's access to the P1, P2, P3, P4 projects based on the given restrictions?
Thank you in advance.

Yes, VSO provides several groups with different access permissions to the project. You can add your users to the corresponding groups to control their permissions, or set the permissions for a user directly.
To set the permission to work items:
1. Open your project from the web portal.
2. Click the “Manage Project” icon in the upper right corner.
3. Click the “Area” tab.
4. Right click on the area and select “Security”.
Then you can edit the permissions for these groups and users. To control the access to work items, you can set the permissions for “Edit work items in this node” and “View work items in this node”.
One thing you need to know is that the work items cannot be deleted from web portal. You can only delete the work item from command line via “witadmin destroywi” command and you must be a member of the “Team Foundation Administrators” security group or the “Project Administrators” security group for the team project collection. Instruction about destroywi: https://msdn.microsoft.com/en-us/library/dd236908.aspx
To set the permission to code resource:
1. Open your project from web portal.
2. Click “Code” tab.
3. Right click your code resource and select “Security…”
Set “Read” permission to read the code/changeset and set “Check In” permission to make changes in the code.
For more information about VSO permission, please refer to this link from MSDN for details: https://msdn.microsoft.com/en-us/library/ms252587.aspx


Disable directory listing in artifactory

I need to Disable directory listing in .
Any suggestions?
I tried to search for results in Google but didn't find any.
I only found a way to block the connection to the URL, but this isn't what I need.
If you are looking to disable the directory listing for particular users, then you can achieve this by providing the repository path exclude pattern at the permission target end.
In the below example, I have enabled anonymous user access only to specific packages, Please refer below steps for the same:
I have created a PyPI local repository, deployed python packages into it as shown in the below screenshot:
screenshot
After this, I created a permission target to restrict access to a specific folder called st-fraud-infra for the anonymous user. Hence I added st-fraud-infra/** as an exclude pattern, kindly refer to the below screenshot for the same:
screenshot
Add anonymous users from the Users tab and provide appropriate permissions based on your requirement.
screenshot
Once you saved the permission target while accessing the Artifactory through the anonymous user, I could not see the excluded folder which is st-fraud-infra.
screenshot
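A model of how the exclude pattern in the answer above hides paths from a user, added here as an illustration; it is not code from the original post or from Artifactory. It assumes Ant-style pattern semantics (`?`, `*`, `**`) and that a trailing `/**` covers the folder itself as well as everything beneath it; the repository paths are constructed sample data.

```python
import re

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern into a compiled regex.
    ? = one character, * = any run within one path segment, ** = any depth."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?")          # "dir/**": dir itself and all below it
            i += 3
        elif pattern.startswith("**/", i):
            out.append("(.*/)?")          # zero or more leading directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def visible(path, includes=("**",), excludes=()):
    """A path is covered by the permission target if it matches at least
    one include pattern and no exclude pattern."""
    path = path.strip("/")
    included = any(ant_to_regex(p).fullmatch(path) for p in includes)
    excluded = any(ant_to_regex(p).fullmatch(path) for p in excludes)
    return included and not excluded

def listing_for(paths, includes=("**",), excludes=()):
    """Filter a repository listing down to what this permission target exposes."""
    return [p for p in paths if visible(p, includes, excludes)]

# Constructed sample content of a PyPI local repository.
REPO_PATHS = [
    "samplepkg/samplepkg-1.0.0.tar.gz",
    "st-fraud-infra",
    "st-fraud-infra/st_fraud_infra-0.1.0.tar.gz",
    "st-fraud-infra-docs/readme.txt",
]

if __name__ == "__main__":
    print(listing_for(REPO_PATHS, excludes=("st-fraud-infra/**",)))
```

The sibling folder `st-fraud-infra-docs` stays visible because the pattern is anchored on the path separator, which is the detail to check when an exclude is meant to hide exactly one folder.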

File sharing read/write permissions

I have noticed that in Dropbox, you can share a file with another user, in 'read' mode, and that viewer has the ability to share that file with others via a read-only sharable link. However, in Drive, a read-only user is unable to share a link with another user at all.
Which approach would be more similar to how the Unix/Linux approach to permissions works? Why?
Try to visit the Google Drive REST API Overview in the official GDrive documentation specifically in the Share and collaborate section which was elaborated as:
apps can display a standard Google Drive sharing dialog to let users share files
What you want to do is more on Manage Sharing:
Access to files & folders is determined by an access control list (ACL). An ACL is a list of permissions that determine whether or not users can perform actions on a file such as read or write. See the permissions guide for additional details about permissions and roles along with the reference guide.
Also, what you want is to assign a direct file permission to the user, group or domain. It was stated to use the teamDrivePermissionDetails field to determine the use of effective role.
To see more on how to list a file's or Team Drive's permissions, you can refer to the method Permissions: list

Restrict Artifact Upload to a single repository

I am using Nexus OSS 2.13.0-01. I want to restrict Artifact Upload for a single user to a single repository (All other users should not be able to upload Artifacts to any of the repositories).
I followed the documentation to create custom repository target, custom privileges and custom roles. However, I see that 'Artifact Upload' is a Privilege of the type 'Application'. If I understand it right, I can not make 'Artifact Upload' applicable to a single Nexus repository but on the entire Nexus Application.
Hence, I am getting 'Artifact Upload' tab for every repository in Nexus and not a single repository.
How do I achieve it?
Cheers,
Anantha
The "artifact upload" privilege controls whether or not the upload UI tab is visible. It does not grant privileges to actually upload anything, for that the user needs create or update privileges in the repository.
It is not practical to make the upload UI appear and disappear based on whether a user has write privileges. Checking to see if a user has upload permissions is actually quite complex when you consider how Nexus repository permissions work. They consist of...
Repository Targets:
- A regular expression describing patterns of artifacts that can be uploaded (e.g., "/com/foo/somecompany/someproject/.*")
- A repository type which is allowed (e.g., "maven2", or "any content")
Repository Target Privileges:
- A repository target
- A repository where the target applies, or "all repositories"
Further complicating matters is that repository privileges are transitive. Privileges applied to group repositories also apply to the group's member repositories. So a privilege granted for a group repository is also granted for the group's members.
So in the general case we can't tell if a user has permission to upload something until they actually try to upload it.
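The evaluation described in the answer above, written out as a small model; this is an added illustration, not code from the original post or from Nexus. The class names, the `REPO_TYPES` and `GROUP_MEMBERS` tables and the sample privileges are hypothetical, and the artifact path is constructed from the answer's example pattern.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class RepositoryTarget:
    content_class: str   # "maven2", or "any" for any content
    patterns: tuple      # regular expressions matched against the artifact path

@dataclass(frozen=True)
class TargetPrivilege:
    target: RepositoryTarget
    repository: str      # a repository id, a group id, or "*" for all repositories
    methods: frozenset   # subset of {"create", "read", "update", "delete"}

# Constructed sample layout: two hosted Maven repositories and one group.
REPO_TYPES = {"releases": "maven2", "thirdparty": "maven2"}
GROUP_MEMBERS = {"public": {"releases", "thirdparty"}}

def applies_to(privilege_repo, repo):
    """Direct match, "all repositories", or transitive via group membership."""
    return privilege_repo in ("*", repo) or repo in GROUP_MEMBERS.get(privilege_repo, set())

def can_upload(privileges, repo, path):
    """True if any privilege grants create/update for this path in this repository."""
    for priv in privileges:
        if not priv.methods & {"create", "update"}:
            continue                      # read or delete alone does not allow upload
        if not applies_to(priv.repository, repo):
            continue
        if priv.target.content_class not in ("any", REPO_TYPES[repo]):
            continue
        if any(re.fullmatch(rx, path) for rx in priv.target.patterns):
            return True
    return False

PROJECT = RepositoryTarget("maven2", ("/com/foo/somecompany/someproject/.*",))
SINGLE_REPO_UPLOADER = [TargetPrivilege(PROJECT, "releases", frozenset({"create", "update"}))]
GROUP_UPLOADER = [TargetPrivilege(PROJECT, "public", frozenset({"create"}))]
READ_ONLY = [TargetPrivilege(PROJECT, "*", frozenset({"read"}))]
ARTIFACT = "/com/foo/somecompany/someproject/1.0/someproject-1.0.jar"

if __name__ == "__main__":
    for name, privs in [("single", SINGLE_REPO_UPLOADER), ("group", GROUP_UPLOADER),
                        ("read-only", READ_ONLY)]:
        print(name, {r: can_upload(privs, r, ARTIFACT) for r in REPO_TYPES})
```

The result depends on the concrete path and repository, which is why the upload tab cannot be shown or hidden in advance; when auditing roles, check privileges attached to group repositories first, since they widen access to every member.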

Alfresco Ldap create a group folder as home folder for users

I'm using Alfresco-LDAP to migrate all my LDAP users to the Alfresco service.
So far I have managed to transfer all users, but for every user the home folder created in Alfresco is named after the user, and what I would like is to share a folder for all members of the LDAP group, since I have multiple groups and every user of a group can only get files from that group.
This is the property
ldap.synchronization.defaultHomeFolderProvider
I read in the Alfresco documentation http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
But it seems like what I'm trying to do is not contemplated.
Any suggestion please?
Unfortunately there is no configurable HomeFolderProvider for groups supporting specific spaces. You need to create your own HomeFolderProvider in Java for that. Out of the box you could use the companyHomeFolderProvider, which is normally used if you want to disable the home folder feature. The user object requires a user home to be able to log in, and the workaround is to set the root (company_home) for that.
[1] https://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
[2] Disable the user home folder creation

Plone 4 Deletion Permission (security tab under ZMI)

I have the Intranet / Extranet workflow enabled on a Plone 4.2 site, I have removed most of the members permissions (so they can only view).
I created an account and started to add some content but even though I have the "Owner" role permission "Delete portal content" enabled (under mysite.com/manage_access) however my test user is unable to delete anything, which is great... However they cannot delete anything they have created either (I need them to be able to delete content they create).
I have searched on Google but am getting results related more to accomplishing bulk user actions using python scripts.
Basically what I want is that if you created the content, you are able to delete it, if you did not create it you cannot delete it.
Currently I have the second part setup and that's working, but for some reason it seems to be ignoring the "Owner" role, even on content I have created.
I can't find any other permission that I could tick that would indicate ability to delete content you own, can anyone lend any insights? Thanks.
EDIT:
To expand on the problem, it seems if I create a folder and then create content under it, that content is not deletable, but if I then create a folder, and content within the folder I created, although the folder is not deletable the content within it is.
This was resolved by installing collective.deletepermission and adding the necessary "Delete Objects" permission to the "Owner" role in the ZMI under manage_access.
