https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292021-01-09T03:27:44ZRedmineRedmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1004882021-01-09T03:27:44ZGo MAEDA
<ul></ul><p>James Brady wrote:</p>
<blockquote>
Example:
<ul>
<li>Role 1
<ul>
<li>I don't remove <strong>Close</strong> status from all statuses in that role's Workflow.</li>
<li>I remove all edit permissions from Issue Tracking permissions. </li>
</ul>
</li>
<li>Role 2
<ul>
<li>I remove <strong>Close</strong> status from all statuses from that role's Workflow. </li>
<li>I allow <strong>Edit Issues</strong> permission in Issue Tracking permissions.</li>
</ul></li>
</ul>
<p>If I assign a user both Role 1 and Role 2, he will be able to Close issues.</p>
</blockquote>
<p>It is normal behavior. A user with multiple roles has all permissions assigned to the roles. And the user also is allowed all status transitions configured for the roles.</p>
<p>Since the user in the example belongs to "Role 1" and "Role 2", all permissions and status transitions configured in both roles are available for the user. The user has "Edit issues" permission because it is allowed via "Role 2", and is allowed to change the status of an issue to "Close" because the transition is allowed via "Role 1".</p> Redmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1005172021-01-10T03:57:20ZJames Brady
<ul></ul><p>I understand that the user has edit capability because the permissions are active on at least one of the roles. <br />I still suggest it's a bit unclear, on its face, that the workflow for the role without edit permission affects anything, particularly since that workflow cannot be edited while the edit permissions are off.</p> Redmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1007812021-02-02T10:47:10ZMischa The Evil
<ul></ul><p>James Brady wrote:</p>
<blockquote>
<p>[...]<br />The confusion is bolstered by the fact that you can't see the role in the dropdown on the Workflow edit page, to correct such a mistake, until you restore the edit permissions on that Role's edit page, in the Permission's section.</p>
</blockquote>
<blockquote>
<p>[...]<br />I still suggest it's a bit unclear, on its face, that the workflow for the role without edit permission affects anything, particularly since that workflow cannot be edited while the edit permissions are off.</p>
</blockquote>
<p>I agree with James that this could be very unexpected behavior that could be hard to pin down especially due to the mentioned UI-issue.</p>
<p>Given that issues regarding this are repeatedly posted on redmine.org, I think that this should be at the least properly and thoroughly documented. But then, the whole current documentation (not only on these more advanced situations with workflow transitions/field permissions, (global-)permissions and their combined effect when also being applied through multiple roles, etc.) is pretty sparse to begin with.</p>
<p>@Everyone: feel free to update the wiki with the herein provided information.</p> Redmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1007872021-02-02T12:07:37ZMischa The Evil
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-1 priority-4 priority-default" href="/issues/34284">Defect #34284</a>: In Role edit view the per tracker table only shows up when "View Issues" permission is selected</i> added</li></ul> Redmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1007902021-02-02T12:33:25ZMischa The Evil
<ul><li><strong>Follows</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/15988">Defect #15988</a>: Unexpected behaviour on issue fields for users that have multiple roles </i> added</li></ul> Redmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1007922021-02-02T12:33:54ZMischa The Evil
<ul><li><strong>Follows</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/285">Feature #285</a>: Tracker role-based permissioning</i> added</li></ul> Redmine - Defect #34570: Misleading workflow/permission issuehttps://www.redmine.org/issues/34570?journal_id=1052052022-01-13T13:08:58ZBolesław Kalinowski
<ul></ul><p>I have one more observation. If the user has <em>Fields permisions</em> set for tracker X in Role A, and in Role B tracker X is not visible, then when editing, all editing fields are uncovered. This is very unintuitive.</p>