Project specific admin

Added by Lajish Lakshmanan over 5 years ago

Hi all,

Is there any provision to create/have project specific admin. Since different projects have different project managers and development managers. Providing admin rights to such users create confusion and a threat to redmine integrity. Please somebody suggests if there is any option for same.

Replies (7)

RE: Project specific admin - Added by Martin Denizet (redmine.org team member) over 5 years ago

Hi Lajish,

In Redmine, admins can bypass permission checks and manage the global configuration such as authentication, users, groups, roles etc...
For projects, you can give all permissions to a non admin user who will be able to manage everything at a project level and I guess that's what you want.
Otherwise, if you want different people to be able to change global configuration without creating conflicts, you should simply run several instances of Redmine.

Cheers

RE: Project specific admin - Added by Lajish Lakshmanan over 5 years ago

Hi Martin,
Whatever you told is right. But in my organisation, we are using Redmine for different projects, so different users can have same role. Due to this an user in one project get same rights as that of other user in another project. Somehow I can manage this situation by making project as private but I need to see issues of other projects in order to get information.

Please suggest, how can i solve this situation.

RE: Project specific admin - Added by Martin Denizet (redmine.org team member) over 5 years ago

I guess I misunderstand. What is wrong with the following?:

  • Project1:
    • User1: Manager role(all permissions on the project)
    • User2: Limited role with viewing issues permission only
  • Project2:
    • User1: Limited role with viewing issues permission only
    • User2: Manager role(all permissions on the project)

Permissions are on a per Project basis, except for global permissions used in certain plugins and the "Admin" permission of course but it is not linked to roles.

Roles can be created/edited in the Administration, Roles and Permissions.

RE: Project specific admin - Added by Lajish Lakshmanan over 5 years ago

Hi Martin,

Thanks for your early reply. It is a way to solve the problem but not in a correct way. Anyway, I tried it and works fine. But it is not possible to create unnecessary roles for handling this logic. Don't you have a thought of instead of having roles permissions based on project instead of globally. And Administrator should be able to set Roles permission in project itself.

Once again thanks a lot for your valuable suggestion and time you spent.

RE: Project specific admin - Added by Martin Denizet (redmine.org team member) over 5 years ago

You are right, there is no logic in roles. I think that you are missing to get this manageable is to apply roles on groups.
From what I understand, here is how I would manage your Redmine instance:
  • Create a group Team1 (Or maybe Project1 Managers, if it makes sense to you)
    • Assign the role Manager to Team1 on the project Project1
    • Assign the role Issue viewer (Custom role with viewing issues permissions only) to Team1 on the project Project2
My advise is to never give roles to users but to groups.
In a sample project, I would design my permissions as bellow:
  • Group Dev Managers associated to project Product1 with role: Manager
  • Group Developpers associated to project Product1 with roles: Developer and for example if I need them to also on this specific project to edit the DMSF, I'd create a role named DMSF Editor and also associate it to the group on the project
  • Group QA Analysts associated to project Product1 with roles: Issue reporter, Repository viewer, DMSF viewer which are specific roles adding permissions

And then I can give the group Dev Managers a role to view issues on another project called Marketing for example.

Note that it's a good idea to make roles granular only if you have many projects and that the permissions for users vary between project as it seems to be the case for you.
I managed a Redmine instance with about 150 projects and 40 users so I'm familiar with the challenges of permissions management :)

I hope it helps and doesn't make you more confused!

RE: Project specific admin - Added by Rômulo Augusto dos Santos Gomes over 4 years ago

Hi. I have a doubt.
My need in my redmine instance is this:
I need a user on redmine who has admin rights, but on one specific project this user can't do anything, even don't see it.
Is it possible?
Thanks in advance.

RE: Project specific admin - Added by Fabio Peruzzo over 2 years ago

Martin Denizet (redmine.org team member) wrote:

You are right, there is no logic in roles. I think that you are missing to get this manageable is to apply roles on groups.
From what I understand, here is how I would manage your Redmine instance:
  • Create a group Team1 (Or maybe Project1 Managers, if it makes sense to you)
    • Assign the role Manager to Team1 on the project Project1
    • Assign the role Issue viewer (Custom role with viewing issues permissions only) to Team1 on the project Project2
My advise is to never give roles to users but to groups.
In a sample project, I would design my permissions as bellow:
  • Group Dev Managers associated to project Product1 with role: Manager
  • Group Developpers associated to project Product1 with roles: Developer and for example if I need them to also on this specific project to edit the DMSF, I'd create a role named DMSF Editor and also associate it to the group on the project
  • Group QA Analysts associated to project Product1 with roles: Issue reporter, Repository viewer, DMSF viewer which are specific roles adding permissions

And then I can give the group Dev Managers a role to view issues on another project called Marketing for example.

Note that it's a good idea to make roles granular only if you have many projects and that the permissions for users vary between project as it seems to be the case for you.
I managed a Redmine instance with about 150 projects and 40 users so I'm familiar with the challenges of permissions management :)

I hope it helps and doesn't make you more confused!

Martin, your solutions is very interesting but, correct if I'm wrong, it functions well only if association between group and users it stable: I mean, users inside Team1 or Dev Managers are always the same, none user can be in two different groups otherwise I could have permissions in one project where instead I suppose he is no Manager, for example.
If user1 is Manager of Project1 but not in Project2, he cannot be inside group Managers, that are supposed to be manager in all projects.

We are configuring new Redmine instance in our company server and role&permission topic is very hot, cause we have many users from external companies partecipating to projects but that should not have permission to see everything inside project. Besides we have colleagues not from R&D office that should partecipate to project: how to manage all the support services (production engineer, purchasers, after sales) without set them as members of projects? I think a good way is to set projects as publics and set all services as non-member users.

Fabio

(1-7/7)