When I create a new Simple Project in AEM 6.1 in the project view (/projects.html). I then add users to the projects groups (editors, owners, observers). But when I reload the page that shows the users and groups I can see all users are observers, no other groups are used, no matter what I configured.
What am I doing wrong here?
That's simply a bug in the UI. AFAIK it is fixed with 6.2.
Every project user is member of the observers group. If you put a user for example in the editors group, he will also be member of the observers group ad the UI is showing only one group per user and bad enough it's always the observers group that is shown, all the others are hidden.
Take a look at the useradmin and you will see that the users are in the correct groups.
Related
In my Azure boards, I have a hierarchical structure of the areas. In the team settings, all teams have areas being set, just like described here: https://learn.microsoft.com/en-us/azure/devops/boards/plans/safe-configure-boards?view=azure-devops#configure-area-paths
Is there a way for one team to see only the area it is set to, but no other areas? Currently, in Boards>Work items any member of any team can see everything, even User stories that do not belong to his area. How can I restrict this?
Edit: it might be from Security options of an area, add a group to it and make work items invisible, see this screenshot from Azure documentation.
But, even as an admin, I don't have such option to add! Why is that?
The UI has changed. There is no add option in the security settings page now.
You can directly search for the Team Group in the Search box and change its permission settings. See below screenshot.
Okay, in addition to Levi's answer:
First, every new user added to a project is also added by default to one of this project's groups: Contributors, Readers, Admins. I'm not considering admins here.
If we want to make one area visible to only one team, we need to do the following:
Either modify Contributors or Readers rights so that the "View project-level information" is set to Deny, and then for each new user, add it to a team and for that team set this option to Allow for the area needed
or (better)
Create our own groups for which "View project-level information" is set to Deny (for ex. Developers, QAs, etc.), and then for each new user, remove it from Contributors or Readers and add it to the corresponding group. Then add the user to a team, and for that team set the "View project-level information" option to Allow for the area needed
I am trying to understand the complete purpose of organisations in ADO. What I have understood is that an organisation groups projects, defines resources, extensions, billing, etc. that is related to the organization.
I am struggling with the user part of an organization. I can add users to an org giving them an access level. But I can also add users directly to a project without adding them to an organization at all.
What is then the consequence of this? Is then access level by default stakeholder for those users?
Thank you
You can add people to projects instead of to your organization. Users
are automatically assigned Basic features if your organization has
seats available, or Stakeholder features if not.
For this please refer to the Note of this document.
When you add members to projects and you don't have billing set up, Basic access is automatically assigned, until you run out of seats available. When you add members to projects and you do have billing set up, Basic access is assigned only if your default access level is set to Basic. Otherwise, project members are assigned Stakeholder permissions.
You can refer to Add members to projects or teams for details.
If you add an user to a project that user will be added to the organisation as well. At least when the said user first logs in. The user will get the access level you define as default.
I am trying to edit my branch security policies, but nothing ever seems to save. I've tried editing permissions, adding groups, removing groups and nothing seems to happen.
Is there supposed to be save button? This interface is new and appears not to be working.
I am an admin on this Azure account.
To the above question you posted in comment, here is the answer for that:
The groups listed below are inbuilt groups. You will not be able to delete those inbuilt groups.
And if you would like to add any groups, you would need to first create that group in Project Settings and then come back to Branch Security and Add that group here :
Go to Project Settings --> Security --> Create Group
Once you Create the group, go back to Repos --> Branches --> Branch Security --> Click on Add Group and search for the group you created earlier.
You should be able to delete the groups that you have created, But keep one thing in mind that if you delete a group that you created all the users in the group will loose permissions as well.
Yes this is a New UI and it is automatic save when you change the permissions.
Have you tried changing the selection in the dropdown and see if it works?
Once you change the selection in dropdown there will be an indication that the value is changed.
There is no Save Button in the new UI.
The Green tick indicates that the value is changed.
Please take a look at the screenshot below.
As a DevOps administrator I want to give restricted access to the backlog of our project to a user.
I want to limit his access. Meaning that the user can only see Work Items he has created in the backlog, nothing else.
Is their a way of doing this?
the user can only see Work Items he has created in the backlog,
nothing else
I am afraid that this feature you want is not feasible.Boards is visible to all members of your organization.
You can only set the member to Project Readers at most, so that members only have read permissions but no modified permissions.
You can set the Assign to filter condition in the Filter of the backlogs to see the work items assigned to a specific person, but it can't prevent the user from viewing the work items assigned to others. In addition, there is no filter condition to see who created the work items.
This is a few different questions.
First one is how do you delete a user group? I've seen the option for removing a group from another group, but I haven't been able to find an option for completely deleting the group.
Second is how do I set security so that users in a specific group can only view and run reports? So far, I've gone into User Security on the group, disabled inheriting from the parent group and folder, and set "View" and "View On Demand" in basic settings and "View objects" and "View objects that the user owns" in advanced. But regardless of what they have, either they can still move and delete reports or can't view anything at all depending on whether they're under the Administrators group.
Related to that last part of the second question, when the user group is a subgroup of Adminsitrators they can see all the tabs, but if I move them to the Everyone group, then they can't see anything when logged in when I set the Folders view on Configure CMC Tabs. Ideally, I'd like the users to be under a different group entirely for clarity, but then they can't seem to do anything, which definitely won't work.
Finally figured this out.
For the first one, I couldn't delete the group because it had customized security settings. After resetting those to the default inheritance and removing it from all other groups, I was able to delete it fine.
For the folders and running the reports, the security has to be set on the folder structure, not on the user group.