[opensuse-buildservice] Understanding permissions
Hi, I am trying to understand the permissions in OBS and how to control who can make changes to projects. 1. What is the difference between global_<permission> and <permission> under roles? I can't see a difference. Users with either permissions can pretty much do anything, at least the things I have tested. 2. How can I make a user fully control his home project without giving him/her permission to other non home projects? Removing the non global permissions does not work: user is not able to create or change packages or add repos 3. It seems users with change_package permission can submit requests to a project and accept them. Is there any document online describing this in more details? Thanks Anas --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Anas Nashif schrieb:
Hi, I am trying to understand the permissions in OBS and how to control who can make changes to projects.
Hi, first, almost all permission configuration is done via <person> entries in the package or project metadata. The admin interface isn't really usable for permission management at the moment.
- What is the difference between global_<permission> and <permission> under roles? I can't see a difference. Users with either permissions can pretty much do anything, at least the things I have tested.
global_* permissions are independent from a specific resource (project/package). Users having those permissions can do the associated actions to every resource. The nonglobal roles are always associated with a specific resource and currently can't be set properly from within the admin interface. They are given via <person> elements in the resource metadata.
- How can I make a user fully control his home project without giving him/her permission to other non home projects? Removing the non global permissions does not work: user is not able to create or change packages or add repos
Make sure <person role="maintainer" userid="his_user_name"/> is set in his home project metadata. This element should be set automatically on creation of the project.
- It seems users with change_package permission can submit requests to a project and accept them.
Interesting... change_package permission on the source package is needed to create a request, that's true. But only users with change_project on the target project should be able to accept it. I'm pretty sure it works as intended, but will check again.
Is there any document online describing this in more details?
Unfortunately not, as there was never any kind of "design phase" for the role/permission management, it grew (and is still growing) with the code. Andreas
Thanks Anas
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (2)
-
Anas Nashif -
Andreas Bauer