New Gemini Permissions Needed?
Using Gemini 3.1.2.
I have 9 projects in Gemini.
I have 2 global groups: "IT Users" and "Everyone (Authenticated)"... Well, there are 2 other groups: "Everyone" and "Gemini Administrators" - I don't use these, but have not removed them.
I have no project groups.
All IT dept. members are in the IT Users group. Nobody else is assigned an explicit group, so they're all in "Everyone (Authenticated)" by default.
8 of the Gemini projects are "owned" by the IT department I'm in. ("Hardware", "Software", "Security", "Web Development", "App Development", etc). Only IT users should have access to administer these issues (Create, Move, Edit, Comment, Close, etc).
The last project is the "Add New Request" project. The "Everyone (Authenticated)" group has limited access to this project. It is the only project in which they can create issues.
I have 2 Security Schemes:
1. All users (Default): IT Members have all permissions except "Only View My Own Issues". The Everyone (Authenticated) group has "View Project", "Create Comment", "Only View Own Issues" permissions. This scheme is applied to the 8 IT projects.
2. All Users (Add New): Same as above, plus Everyone (Authenticated) also has "Create Issue". This scheme is applied to the 1 "Add New Request" project.
The site is in Portal Mode, group chosen is Everyone (Authenticated).
The result of this is that non-IT users can log in, and they see almost nothing. The Add New Request title is shown, but they can see no issues. They use the "Create Issue" link in the top navigation bar to create an issue. They can only choose the "Add New Request" project for their issue.
IT users can log in and see everything, as desired.
Our internal process is: non-IT users log in to Gemini and create an issue (e.g. "Please upgrade my software"). IT gets the notification email, someone logs in and evaluates the issue, moving it from "Add New Request" to an appropriate Project based on the issue's description, etc.
Now however, the original requestor can no longer see the issue. Even by following a link to it, they're redirected back to the Add New Request issue list.
Furthermore, no (non-IT) users can view other issues in the system now. Particularly un-useful if the CFO wants to know what happened to his department's request for software upgrades... and he can't see any issues at all.
I would like to know if it's possible to configure Gemini so that:
1. I can specify a "Default" project for users to see. Example: non-IT users log in and always see the issue list for the "Add New Request" project. They can create an issue or navigate to the projects list via nav links, but they start out right where most of them will stop.
2. I can designate some of my projects read-only for non-IT users: Example: non-IT users can view lists/details of issues in the "App Development" project - but not comment/edit, etc., unless they're involved in the issue (see #4)
3. I can desginate some of my projects as IT-only: Example: IT users can see that project in the list, but non-IT users won't see it unless they're involved in an issue in that project (see #4).. and then they'd only see the list of issues in which they're involved.
4. My non-IT users could always see lists/details of their own issues, or issues where they are a watcher, regardless of which project it's in (hidden/readonly/etc)
5. My non-IT users could only comment on their own issues (where they are the original requestor or a watcher on the issue), regardless of which project it's in.
Thanks
JBroome
· 1 |
|
Wednesday, July 15, 2009, 6:23:32 PM |