Project

General

Profile

RedmineRoles » History » Version 25

Go MAEDA, 2018-01-07 15:52

1 1 Jean-Philippe Lang
h1. Roles & permissions
2
3 25 Go MAEDA
A role is a collection of permissions. It lets you define the permissions that the members have on a [[RedmineProjects|project]].
4
5
Each member of a project has one or multiples Role(s) for the project. If a member has multiple roles in a project, the permissions applied to the member is the combination of all roles' permissions. A user can have different roles for different projects.
6 1 Jean-Philippe Lang
7
You can create new roles or edit existing ones. You can delete a role only if nobody has this role on a project.
8
9
h2. Roles properties
10
11
* *Name*: display name of the role
12 2 Jean-Philippe Lang
* *Issues can be assigned to this role*: if unchecked, issues can not be assigned to members with this role on a project.
13 15 Etienne Massip
* *Issues visibility*: assuming that this role includes the ??View Issues?? permission, the following rules apply to the issues of the projects the user is tied to through it:
14 16 Go MAEDA
** _All issues_ : the user can see all issues.
15
** _All non private issues_: the user can see all issues which are not marked as private. This is the default.
16 15 Etienne Massip
** _Issues created by or assigned to the user_: the user can only see issues created by or assigned to her/him.
17 23 Hinako Tajima
* *Time logs visibility*: assuming that this role includes the ??View spent time?? permission, the following rules apply to the issues of time logs the user is tied to through it: 
18 22 Hinako Tajima
** _All time entries_ : the user can see all time logs.This is the default.
19
** _Time entries created by the user_ : the user can only see time logs created by or assigned to her/him.
20
* *Users visibility*: the user can select the range of other users who can see time logs. It influences list of users in watcher selection screen and propriety of profile page appearance.
21 23 Hinako Tajima
** _All active users_ : the user can see all users information who is registered in Redmine.This is the default.
22
** _Members of visible projects_ : the user can only see users information who is a member of the project.
23 1 Jean-Philippe Lang
24 5 Jean-Philippe Lang
h2. Permissions
25 1 Jean-Philippe Lang
26
When editing a role, you can define its permissions by checking/unchecking the different actions.
27
28 4 Jean-Philippe Lang
|_. Permission|_. Description|
29
|\2. *_Project permissions_*|
30
|Create project|Allow non-admin users to create a root project
31 13 Graham King
You can specify which role will be automatically given to a non-admin user who creates a project (see [[RedmineSettings#Projects]])|
32 4 Jean-Philippe Lang
|Edit project|Allow user to edit project properties|
33 20 Go MAEDA
|Close / reopen the project | Allow user to close / reopen projects |
34 4 Jean-Philippe Lang
|Select project modules|Allow user to enable/disable project modules (such as issues tracking, wiki, repository...)|
35
|Manage members|Allow user to add/remove project members or change the roles of existing members|
36
|Manage versions|Allow user to add/edit/delete project versions|
37
|Create subprojects|Allow user to add subprojects to the project|
38 20 Go MAEDA
|Manage public queries|Allow user to save/edit/delete public queries|
39 21 Go MAEDA
|Save queries|Allow user to save/edit/delete their private queries|
40 4 Jean-Philippe Lang
|\2. *_Boards permissions_*|
41
|Manage boards|Allow user to add/edit/delete project forums|
42
|Post messages|Allow user to post new topics in forums|
43 8 Mischa The Evil
|Edit messages|Allow user to edit any message and to remove any message attachments|
44 4 Jean-Philippe Lang
|Edit own messages|Allow user to edit its own messages only|
45
|Delete messages|Allow user to delete any topic or reply|
46
|Delete own messages|Allow user to delete its own topics or replies|
47
|\2. *_Documents permissions_*|
48 17 Go MAEDA
|Add documents|Allow user to add project documents|
49
|Edit documents|Allow user to edit project documents|
50
|Delete documents|Allow user to delete project documents|
51 4 Jean-Philippe Lang
|View documents|Allow user to view documents|
52
|\2. *_Files permissions_*|
53
|Manage files|Allow user to add/edit/delete project files under the Files section|
54
|View files|Allow user to view files|
55
|\2. *_Issue tracking_*|
56
|Manage issue categories|Allow user to add/edit/delete issue categories|
57
|View Issues|Allow user to view project issues|
58
|Add issues|Allow user to create new issues|
59
|Edit issues|Allow user to fully edit existing issues|
60 18 Go MAEDA
|Copy issues|Allow user to copy existing issues|
61 7 Mischa The Evil
|Manage issue relations|Allow user to add/remove relations between issues|
62
|Manage subtasks|Allow user to add/remove subtasks to issues|
63 4 Jean-Philippe Lang
|Add notes|Allow user to add comments to existing issues|
64
|Edit notes|Allow user to edit any issue comment|
65
|Edit own notes|Allow user to edit its own comments only|
66
|Delete issues|Allow user to delete issues|
67
|Manage public queries|Allow user to add/edit/delete issue queries that are visible by all users|
68
|Save queries|Allow user to save its own issue queries|
69
|View gantt chart|Allow user to view the gantt chart|
70
|View calendar|Allow user to view the calendar|
71
|View watchers list|Allow user to see who is watching an issue|
72 1 Jean-Philippe Lang
|Add watchers|Allow user to add other users as watchers of an issue|
73
|Delete watchers|Allow user to remove watchers of an issue|
74 5 Jean-Philippe Lang
|\2. *_News permissions_*|
75
|Manage news|Allow user to add/edit/delete project news|
76
|Comment news|Allow user to add comments to news|
77
|\2. *_Repository permissions_*|
78
|Manage repository|Allow user to configure the project repository|
79
|Browse repository|Allow user to browse and view the content of the project repository|
80 14 Mischa The Evil
|View changesets|Allow user to view the changesets|
81 5 Jean-Philippe Lang
|Commit access|Used by Redmine.pm to give write access to the project repository
82
See [[Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl]]|
83
|\2. *_Time tracking permissions_*|
84
|Log spent time|Allow user to log time on the project|
85
|View spent time|Allow user to view the time logs on the project|
86
|Edit time logs|Allow user to edit any time log|
87
|Edit own time logs|Allow user to edit its own time logs only|
88
|Manage project activities|Allow user add/edit/delete activities|
89
|\2. *_Wiki permissions_*|
90
|Manage wiki|Allow user to create or delete the project wiki
91 11 Tharuka Pathirana
Deleting a wiki is an *irreversible* operation, it deletes all pages, their history and all attached files!|
92 5 Jean-Philippe Lang
|Rename wiki pages|Allow user to rename existing wiki page or assign wiki pages to a parent page|
93
|Delete wiki pages|Allow user to delete wiki pages
94
Deleting a wiki page is an *irreversible* operation, the page and all its history are deleted!|
95 1 Jean-Philippe Lang
|View wiki|Allow user to view the wiki|
96 7 Mischa The Evil
|Export wiki pages|Allow user to export wiki pages to various formats (pdf, html, ...)|
97 5 Jean-Philippe Lang
|View wiki history|Allow user to view older versions of the wiki pages, and diff between versions|
98
|Edit wiki pages|Allow user to edit unprotected wiki pages|
99
|Delete attachments|Allow user to delete existing wiki page attachments|
100
|Protect wiki pages|Allow user to lock/unlock wiki pages, and edit locked pages|
101 4 Jean-Philippe Lang
102 1 Jean-Philippe Lang
h2. System roles
103
104 24 Go MAEDA
There are two system roles in Redmine: 'Non member' and 'Anonymous'. They are internally used by Redmine and thus cannot be deleted.
105 1 Jean-Philippe Lang
106
* *Non member*: this role lets you define the permissions that a registered user has on projects which he is not a member of.
107
* *Anonymous*: this role lets you define the permissions that anonymous users have on the projects.
108
109 24 Go MAEDA
Note that these two roles only apply to public projects since anonymous users and users who are not a member of a private project cannot even see it.
110 6 Jean-Philippe Lang
111 24 Go MAEDA
As a consequence of the fact, that Anonymous and Non member roles cannot be assigned to a specific user or group, but are assigned automatically, the permissions of these roles are global for a given Redmine installation. To be more concrete: You can create different developer-roles (reporter1,reporter2,...) with slightly different permissions to fit specific needs of specific projects. However: you cannot adapt Anonymous and Non member roles in a way, that non-members are allowed to create board-messages in one project, but are forbidden to do so in another project.
112 9 Glenn Gould
113 24 Go MAEDA
Some permissions cannot be given to these roles. For example, the 'Manage members' permission cannot be given to non member or anonymous users.