Feature #2076

Individual Permissions for Each Project

Added by Steven Lu about 11 years ago. Updated over 6 years ago.

Status:ClosedStart date:2008-10-23
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Permissions and roles
Target version:-
Resolution:Duplicate

Description

There should be an ability to set options for each type of member for every project. A company might have multiple projects where one will be open source and another would be closed source publically accessible and in this case, issues still need to be reported.


Related issues

Related to Redmine - Feature #1853: Make Projects truly independent of each other New 2008-09-04
Related to Redmine - Feature #4015: Make app settings overridable at project level New 2009-10-10
Related to Redmine - Feature #1086: Fine grained permissions New 2008-04-22
Duplicates Redmine - Feature #850: Per-project role permissions New 2008-03-14

History

#1 Updated by Thomas Lecavelier about 11 years ago

AFAIK, your needs are fully met by defining roles specifically for every project: roles are give to project members for each project. And since each project can be defined public or private, there's no conflict between OSS and closed source project.
Maybe I'm missing one of your requirement?

#2 Updated by Steven Lu about 11 years ago

A registered non-member user of the closed source project should be able to add issues for the project but not be able to view the source code of the project from the repository. However, this same member who is also a non-member of an open source project should be able to add an issue and view the source.

There is no option to set what a non-member can or cannot do for each individual project in Redmine. Yes, you can set it to public for all to view or private to hide it from all, but there's nothing you can do if you want something in between public and private and/or separate permissions between two projects.

#3 Updated by Thomas Lecavelier about 11 years ago

Now I see you're need, but I've no opinion about this option: it removes from redmine administrator the ability to handle behavior of non-members users, giving out this responsability to project administrator... Could be a good thing, if every project admin are aware of their responsabilities, but I have great doubts about this...

#4 Updated by Steven Lu about 11 years ago

I think it would be a great option to add especially if you had an on and off option in the administration section.

#5 Updated by Robert Navarro almost 11 years ago

I'd like to see this feature as well.

I currently have two public projects one of which I don't want non-registered users viewing/browsing the Repository. I want users to have to register to view/browse the repository.

However, on the other public project I would like it so that non-registered users are free to view/browse the repository.

#6 Updated by Anonymous almost 11 years ago

It is very important feature for me too.

I will be very happy if I see it in 0.8.1 version :)

#7 Updated by Anonymous over 10 years ago

Same here. We have OpenSource projects where Anonymous Users should be able to browse the repository and closed source projects where Anonymous shouldn't have access to the repository but the project is public too.

It would be enough if Anonymous and Non-Member Rights could be defined or overwritten per project.

#8 Updated by Craig G about 10 years ago

+1 for this feature. At our company, we like to give contractors access to certain projects in Redmine (in which they are involved) but prevent them from access for our other projects. It would be a nice feature to configure project-level security, or mark a project as hidden to all users except those who are directly involved, or something like that.

#9 Updated by Marcelo Fernandes almost 9 years ago

+1

#10 Updated by Oliver Karstedt over 8 years ago

Are there any new developments here?

We want to start using redmine and love it so far but we also want to invite our clients to redmine in order to improve our workflow. Of course these clients must only be allowed to see projects, in which they are involved. Otherwise they can go into any project, view all tickets and even start creating tickets.
I think that's a major security problem, so in my opinion this is a very critical issue, isn't it?

#11 Updated by random tao over 8 years ago

pretty important feature, but will probably require a large refactoring :(

#12 Updated by Oliver Karstedt over 8 years ago

Okay, I'm blind and Jean-Philippe helped me see..

@Everyone who might have the same problem:
Just make your project private. To do so, uncheck the "Public" flag in your project settings. After that, only project members (and Redmine admins) will be able to view the project and its content.

#13 Updated by Steven Lu over 8 years ago

Oliver Karstedt wrote:

Okay, I'm blind and Jean-Philippe helped me see..

@Everyone who might have the same problem:
Just make your project private. To do so, uncheck the "Public" flag in your project settings. After that, only project members (and Redmine admins) will be able to view the project and its content.

That is totally not what this ticket suggests. What if you have open source projects where you don't want your users to commit? Or, what if you have a project that needs bug reporting to the public level but you don't want your source to be out there?

#14 Updated by Oliver Karstedt over 8 years ago

Steven Lu wrote:

That is totally not what this ticket suggests. What if you have open source projects where you don't want your users to commit? Or, what if you have a project that needs bug reporting to the public level but you don't want your source to be out there?

And that's why I said "everyone who might have the same problem" as in "everyone who might have the same problem I had". It's totally not what solves this ticket but it totally solved my problem as explained above. And Craig G's problem, too btw. Just thought it would be helpful to others to post the answer to a question I asked. Sorry for causing inconvenience...

#15 Updated by George Plymale over 8 years ago

Oliver Karstedt wrote:

Okay, I'm blind and Jean-Philippe helped me see..

@Everyone who might have the same problem:
Just make your project private. To do so, uncheck the "Public" flag in your project settings. After that, only project members (and Redmine admins) will be able to view the project and its content.

Thanks for this. Yes, the problem was that even though I initially understood the Public attribute, and thought I unchecked it, it was still on and making projects public by default. After a second review of it and ensuring that it was not selected it is indeed working correctly now!

#16 Updated by Andriy Lesyuk over 7 years ago

I wrote plugin which can help with this issue: http://projects.andriylesyuk.com/projects/role-shift

#17 Updated by Toshi MARUYAMA over 6 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

Duplicate with #850.

#18 Updated by Toshi MARUYAMA about 5 years ago

Also available in: Atom PDF