In ClearQuest, access privileges are assigned via group policies. As such, every user is part of one or more groups. The disadvantages of this approach are obvious: if some user is an executive in one project and a manager in another project (which have different access rights) within one ClearQuest database, he will have the higher rights of each group. Or if, for example, we have two managers in two different projects (within one database), they are usually in the same group - “Managers”. This allows them to view and modify each other’s data, which is definitely incorrect behavior of the system. This solution allows for a role-based approach. This way, within one database, each project has resources, which in turn have roles within the project. Each user can have some one role in one project, and a different role in another project, and the system will track the user’s privileges based on his roles in the two projects. A role-based approach allows for effective resource tracking, because only one database is needed to ensure every user has appropriate access rights in each project he’s part of. From a technical point of view, the module creates a project entity, and within that entity all defects, requests and tasks are tracked. A role-based configuration is built into the project, which tracks changes to defects, requests and tasks, determining access rights based on a role’s configuration within the project.
0 comments:
Post a Comment