Gemini Community Support Site

This Gemini community support site can be used to find solutions to product issues. You can log in using Open Id, Google Profile and even Facebook. Feel free to ask a question or browse FAQs and documentation. Product tour videos are also available along with how-to videos demonstrating key Gemini capabilities.




Time report & Issue / Project visibility

web-app

I have the following scenario:

- Project A is accessible by everyone

- Project B is only visible for let's say me

The security scheme of project A is everyone can do everything.

The security scheme of project B only allows me to do something.

Now I log time on issues in project A and in project B.

Any user now can go to Project A and click "Time Tracking", getting an overview of time logged by all users on the project.

In this list he can click on the name of a user and now he gets the time sheet of that specific user, including the project and issues that should not be visible to him !

Is there a security setting I can set to prevent this rather strange behaviour ?

First I thought it might be caused to the isuue visibility attribute, so I changed this from everyone to a specific project group to which only I am assigned, but this did not change anything.

It would be better in this case to restrict the time sheet to issues related to the project. The reason you click on a name is to see on which issue of the project that user has worked.

Kind regards.

Tom

tomgeens
· 1
tomgeens
Replies (4)
helpful
0
not helpful

We are looking into this and will get back to you as soon as possible.


Mark Wing
· 9108
Mark Wing
helpful
0
not helpful

Ok, we think we understand the problem.

Please correct me if  i am wrong:

You have a user that can view time logged in one project only. Now that user is viewing the time for the project and drilling down on a specific user. Now he sees time for more than the project he / she  is allowed to view. Is this correct?

Basically, this was done in order to allow users to see if the resource is busy on other projects.

However, I do agree that it is wrong to show those issues and times.

Please let me know if this is correct and we will add it to the list for 3.1.


Saar Cohen
· 5000
Saar Cohen
helpful
0
not helpful

Sorry for my late answer, but this is exactly the scenario I am talking about. The timesheet ignores the security settings and schemes.

 

 

 


tomgeens
· 1
tomgeens
helpful
0
not helpful

Saar Cohen
· 5000
Saar Cohen