Administer User Roles and Permissions

The ReqIF Server controls access to all information items at a low level. Depending on their role, a user sees all information or just a subset. Similarly, they may or may not update a given attribute. Generally speaking, for every attribute of an object (e.g. a requirement), individual permissions to Create, Read, Update and Delete ('CRUD') can be granted.

The following chapters briefly describe how permissions are grouped by roles and how users can be given a role.

Roles and Permissions

A role represents a certain set of permissions. In order to simplify administration, the ReqIF Server has three built-in roles:

  • The ADMIN role grants Create, Read, Update and Delete permission to all information items.
  • The READER role grants Read permission to all information items.
  • The REQIF role grants Read permission plus the edit permissions as defined in the project's RIF/ReqIF file.

In addition, user-defined roles can be created. Again in order to simplify administration, a lower level inherits the permissions of the next higher level, unless it has its own. Thus, to give a role the right to read all information items, it is sufficient to specify Read permission at project level.

In the screenshot example, the role 'Manager' has read permission for most information elements by virtue of the inheritance mechanism ('I'). There are three exceptions: the attribute 'Requirement/ID' is invisible because all permissions are denied, and the attributes 'Requirement/Author Status' and 'Requirement/Author Comment' have create, read and update permission. Please note that the roles 'ADMIN' and 'READER' are not shown to save screen space, as their assignment of permissions is both constant and obvious. The permissions of role 'REQIF' are shown but cannot be edited, as they are under control of the import files' 'is-editable' attributes.
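
The inheritance rule and the 'Manager' example above, as an added illustration in Python (not ReqIF Server code). The path-based data model, the function names and the attribute 'Requirement/Title' used in the checks are assumptions, as is the reading that a level's own entry replaces the inherited set entirely.

```python
# Added illustration, not ReqIF Server code; the data model and names are assumptions.
from typing import Dict, FrozenSet, List, Tuple

Path = Tuple[str, ...]   # () = project, ("Requirement",) = object type, (type, attr) = attribute
Grants = Dict[Path, FrozenSet[str]]

# Constructed sample mirroring the 'Manager' role described in the text.
MANAGER: Grants = {
    (): frozenset("R"),                                   # Read at project level
    ("Requirement", "ID"): frozenset(),                   # all denied -> invisible
    ("Requirement", "Author Status"): frozenset("CRU"),
    ("Requirement", "Author Comment"): frozenset("CRU"),
}


def effective(grants: Grants, path: Path) -> Tuple[FrozenSet[str], bool]:
    """Return (permissions, inherited) for one information item.

    Walk from the item up towards the project and stop at the first level
    that has its own entry. An explicit empty set is an entry of its own
    (a denial) and must not fall through to the parent level.
    """
    for depth in range(len(path), -1, -1):
        own = grants.get(path[:depth])
        if own is not None:              # 'is not None' so that frozenset() counts
            return own, depth < len(path)
    return frozenset(), True             # nothing granted at any level: default deny


def render(grants: Grants, path: Path) -> str:
    """One row in the style of the permission matrix; 'I' marks inherited values."""
    perms, inherited = effective(grants, path)
    cells = "".join(p if p in perms else "-" for p in "CRUD")
    return f"{'/'.join(path) or '(project)':<28} {cells} {'I' if inherited else ''}".rstrip()


def audit(grants: Grants) -> List[Tuple[Path, str]]:
    """List explicit entries that grant more than their parent level, for review."""
    findings = []
    for path, own in grants.items():
        if path:
            parent, _ = effective(grants, path[:-1])
            extra = own - parent
            if extra:
                findings.append((path, "".join(sorted(extra))))
    return sorted(findings)
```

`audit(MANAGER)` reports the two author attributes, which add Create and Update on top of the inherited Read; these explicit entries are the ones worth reviewing when a role is changed.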

Users and Roles

A registered user must get a role for a project to access it. By clicking the respective button, an administrator assigns a role to a given user. It is equally simple to withdraw a role by clicking the red 'delete role' button.

When a role is assigned to a user who did not have a role before, the user 'jumps up' from the lower group to the upper, and when the role is deleted, the user 'jumps down'.

The screenshot shows the view 'users per project' to select roles for registered users per project. There is a similar view 'projects per user' to select a role (or no role) per project for a given user.
