We have a TeamCity instance with a variety of projects and build configurations on it, with no security set up at present. Although it's OK for most of the projects to be publicly visible, we'd like to set up a couple of projects that are only visible to certain users.
Because there are many public projects already set up on the server, across a variety of teams, we'd like to avoid setting up restrictions on everything - that is, we'd rather use "deny access to project Z" than "allow access to project A, allow access to project B, ..., allow access to project Y".
How can I restrict access to these projects without affecting the public projects?
In case anyone still needs an answer, this can be done by TeamCity itself.
Go to Administration -> Groups -> 'Create new group'. For example, public
Assign roles to this group. You can choose 'Grant role in selected projects' radio button and choose those public projects and click Assign button.
I wanted to Create 'Testers' group and give them permission to trigger deployments for 'Test Build Configuration' only. Here is what I did. (BTW, this is TC 9.1 )
Go and 'Enable Per Project Permissions'
Created a role 'Project Tester' under 'Roles' and assign permissions 'run build' to the role
Created a group 'Test Team' and assigned the role 'Project Tester' to it.
And obviously, add the users to the group. Hope that helps someone.
Related
I've upgraded a 1.5 Joomla to actual verison 3.9.x and I have now a special permission problem.
Users are categorized by standard groups, coming with Joomla, so there are 2 super users and some "Managers". Super users usually create articles, managers are finalizing und publishing them.
So, in System -> Global Configuration -> Articles -> Permissions is set to "Edit - Allow" and "Edit state - allow", which means that on every new created article managers can edit the articles.
Now, the super user clicks on Content -> Articles -> New and check that (not-yet-saved) permission tab. The "Calculated permission" shows a green "Allowed" state in "Manager" tab - as set in the global configuration.
Now, the article will be saved, and re-opened, now the permission tab in manager shows RED "Forbidden" although its saved with explicit "Allowed".
When changing and saving the corrected state again (on the existing article), the permissions are set correctly and the managers can edit the article.
In the actual state, the super user must create an article, close and re-open it and set the right permissions to make it available to other backend users.
How can I fix that?
My guess:
On the first save, the permissions are not set correctly, so Joomla is using "fallback permissions" which means that just super users can edit that article.
Edit:
Here's an interesting comment in joomla core source code, where permissions are saved:
#to do: incorrect info When creating a new item (not saving) it uses the calculated permissions from the component (item <-> component <-> global config).
But if we have a section too (item <-> section(s) <-> component <-> global config) this is not correct.
Also, currently it uses the component permission, but should use the calculated permissions for achild of the component/section.
Try to open and save your superusers. This might at least correct any issue with the actual user, that arised after your wishful upgrade attempt :)
If there are many issues after your upgrade, and your web site is not huge, i would consider doing a fresh install of the latest Joomla, and importing data in a more manual /semi manual way. Else I guess you'll be having issues for a while...
Can I copy/clone the whole instance from one to different?
How can I do that? Is there any widget?
If anyone can help me, that would be great.
Yes you can, with a few caveats:
Only users with an Admin role can request a clone
by default the clone target instance must be non-prod (this can be changed in the system properties though)
personal developer instances cannot be a target instance
Instructions:
As an Admin (user with admin role), in the navigation menu of the
source instance, go to "clone targets" and click "new". It will ask
for the target URl, user name and password.
Now you have a clone target, in the navigation menu of the source
instance, go to "request clone". You need to select the newly
created target instance, a scheduled time for the clone (usually has
to be a few hours in the future), and fillout your email address so
you get updates on progress.
Once the clone is completed, you can log into the target instance which will be freshly cloned.
I have one TeamCity project Dac.Test that contains 3 configurations: DEV, QA, PROD.
Also I have some users associated with their Roles. Is this possible to hide / show certains configurations for selected users or groups?
For example: Users associated with group: Testers can see QA configuration, but not PROD and DEV.
There is no way of managing user permissions per-build, this is available on a project level only. You could create a sub-project in the Dac.Test project to cater for this
If you're looking for a way of stopping people from mistakenly running this build, the following approach will work.
This method uses a prompt box that will pop up after you click the run button, it also needs input from the user confirming that they mean to run the build.
No one can run this build by accident
Go to your build configuration in the TeamCity UI
From here, go to Edit Configuration Settings --> Parameters --> Add new parameter
Enter something like 'Confirmation' as the parameter name
Then beside 'Spec:', click the 'Edit...' button
Set up the parameter as shown in the following screenshot:
You will now be prompted and asked for confirmation when you click the run button. The user will have to enter 'YES' in the prompt box that appears, any other value will stop the user from building:
This is best accomplished by using TeamCity's built-in role management. Roles allow you to set fine-grained permissions for users and groups. One potential issue, however, is that roles are scoped to projects (not build configurations). You'll need to create a separate Dac.Test QA project+configuration and provide your Testers the necessary privileges there. You'll also need to make sure that they are stripped of all privileges for the Dac.Test project.
We use TeamCity 7.1.1 to publish NuGet packages on both the authenticated and public feed URLs. I've just created a new package and can't get it to show up on the public feed, though it does appear on the private feed once I log in.
It smacks of a permissions problem, but I've assigned 'All Users' the 'Project Viewer' role on that build. I have another build that is showing up correctly, and the configuration seems the same. What could be stopping my new build from appearing on the public feed?
Solved it! I've been scratching my head for hours and of course I find the answer 30 seconds after posting to StackOverflow!
It seems that the Guest account is not a member of All Users, so assigning the Project Viewer role to All Users is not sufficient.
One has to explicitly assign the Project Viewers role to the Guest User. This is confusingly done in a completely separate screen, under Guest user settings, linked from the top right hand side of the main user administration screen. Walla! Job done.
I have a problem to manage security in OWB,
First:
It is possible to create another user repository (but not repository owner) that refering to specified repository for example:
I have repository called 'Project' and i have repository owner 'OWB_Owner' so it is possible to create another user that when it login into that 'Project'
Second:
I want the another user just can run the specific mapping in OWB (not all mapping), the repository owner give the priveleges for run mapping for this another user
Hope u can help me solve this problem, thank so much
Yes, it's possible and that's how it should be done. OWB is a multi-user development environment.
You create your repository with a "repository owner" and add other development users to the repository.
From the "Design Center";
go to "Globals Navigator" --> Security --> Users. You can see the existing users.
To add new users; right-click "Users" and select "New User".
You can add any existing DB users as OWB users or add an entirely new user. In the latter case, new DB user will be created.
To control permission on a mapping;
Select the mapping;
Select "View" from the menu.
Select "Security".