Bugzilla access control – Allowing one group to create and access all bugs and another only to access it’s own bugs

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Now, something completely different: Bugzilla.

Bugzilla is one of the most used bug tracking systems worldwide. It’s stable, somewhat customizable, and suits most possible uses, where software development is concerned, and sometimes, also outside the software world.

Now, one of the aspects where is falters the most is on user access control. It isn’t because it doesn’t work, but because it is awkward and counter intuitive, until you get used to it…

Let’s look at 3 scenarios:

    1. All users can create and edit bugs. Please make sure there is at least some kind of access control at network level. To achieve this, do nothing. It works out of the box.
    2. All users inside a group can add and edit bugs on a product. Any user not on the group cannot edit not access any bugs on this product. This is the most common access control method. Simply add the user to the product access group, and configure the group to the following setup: Mandatory/Mandatory, ENTRY
    3. Allow some users to create and edit to all bugs on a product, and other to add, but only see the ones created by them. Now this is the tricky one, and it’s done the following way:

Allowing one group to create and access all bugs and another only to access it’s own bugs

First of all, we need to remember that a bug is only accessible to a user, if the user is present on *ALL* groups of the product.



So, let’s make the following example:

Lets assume we have a product, called Product 1, and 2 different user groups: User group A and User group B. Our goal is to make sure that:

  • All members of user group A are able to add new bugs on Product 1
  • All members of user group A are able to access all bugs on Product 1
  • All members of user group B are able to add new bugs on Product 1
  • All members of user group B can only see the bugs created by users of user group B
  • Members of user group A can select some bugs created by user group A, to be accessible to user group B

How it is done:

On the Product 1 control access, configure the following settings:

  1. On group management, set that all members of user group A are also part of user group B
  2. On the product access control set: User group A: Default/Default
  3. On the product access control set: User group B: Mandatory/Mandatory, ENTRY

What does this means?

  1. All bugs created by user group B will belong to group B. As both the user group B and user group A users belong to this group, everyone will access it.
  2. All bugs created by user group A will belong to both group A and group B. So only members of user group A will this this criteria.
  3. If some user of user group A wishes a bug to be accessible to user group B, it only needs to *remove* group A from that bug.

Side note: if needed, we can also make all bugs read only to user group B. Simply add “CANEDIT” to the configuration of group A.



  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Leave a Reply