How to use permissions and groups

[Ariel Balter]

I can't figure out how I am supposed to use permissions and groups. I have attached some screenshots to show what I'm seeing.

I'm logged in as admin. I show the view from Admin>Permissions so you can see what groups I have set up and what their permissions are.

Q1. Is a "Role" in usermanagerplugin the same as a "Subject" in Admin>Permissions?

When I look at the permissions tab for users, they belong to groups that they are not supposed to. There are check boxes by the groups, but no button for "remove".

Q2a. How do I set what groups a user belongs to? Q2b. Are these "groups" the same as "Role" or "Subject"?

Permissions that are already selected are greyed out. Therefore, I cannot change them.

Summary of questions:

1. What is the difference between "Role", "Group", "Subject"
2. Where/How do I definitively set what "Group" a user belongs to and what permissions they have when using the UserManagerPlugin?

Thanks, Ariel

[Ariel Balter]

I keep getting errors when trying to attach the screenshots. I have put them here: ​http://myotherstuff.org/share/screenshots/

[Catalin BALAN]

Hey abalter,

Q1: Out of the box, the "role user profile field is intended to be used more like a title field, ex. "Project Manager"/ "Web Designer" / "IT Manager".

Please note that custom profiles fields can be added as well. These custom fields can be used then either in custom ticket workflows to select a specific user/s(ie. status = develop -> testing assign ticket to QA manager) / filter users in userprofileslist macro or implement other security rules based on these fields.

Q2: Regarding groups and roles, no changes there. Usermanager's admin screens provide just a different view. If Admin > Permissions shows the explicit permission for all subjects, usermanager's permission panel provides all permissions for one subject, explicit and inherited(greyed ones).

Regarding groups, a trac group is more like a set of permissions that can be attached to a user.

Thank you, Catalin Balan

[Ariel Balter]

Hi cbalan, The problem is, I don't seem to have full control over a user's permissions from their permissions tab. For instance, I have no control over what is the "parent" group they are assigned to that is responsible for the "inherited" permissions.

I think it would be better if the behavior was like this: The Permissions tab had two parts, "groups" and "custom permissions". I the groups section, ALL available groups are listed. You simply select which group you want the user to belong to. If you want custom permissions, you use the custom permissions part in which no boxes are greyed out. That is, you can select and deselect any permission you want for that user. The idea woudl be that you would use one or the other, groups or custom. So, if you start customizing the permissions, they are unselected on the groups part, that is, belong to no particular group. For efficiency, you might want to start with a group permissions scheme and then tweak it. Removing the group permission once you start customizing would be automatic.

If there is a way to accomplish this flexibility in the current version, I'd like to know how. Otherwise, should I submit the above as an "enhancement" ticket?

Thanks much!

--abalter

[Ariel Balter]

Hi cbalan,

I got usermanagerplugin working again. Here is a more specific description of the problem I'm having. Please see the two screenshots: ​http://myotherstuff.org/share/groups_paradox_1.png ​http://myotherstuff.org/share/groups_paradox_2.png

In the first, you can see that I have created a group called "guest" with special permissions. I have also created a user called visitor that I've given the permissions of the group guest. However, when I look at the detailed permissions, there are many greyed-out permissions, suggesting that visitor actually has a parent group from which it is inheriting some permissions. I do not want that. I did not select any parent group when I created the user visitor. I also want visitor to only have the permissions explicitly specified in the group guest. This is what I can't figure out how to do.

Thanks in advance for your help on this.

--abalter