4.0 Admin Tool is a nightmare

This forum is now locked, since Gold Support is no longer offered.

Moderator: SourceGear

Locked
Lane
Posts: 85
Joined: Thu Oct 26, 2006 10:58 am

4.0 Admin Tool is a nightmare

Post by Lane » Wed Aug 08, 2007 2:03 pm

I can't figure out how to do many of the things that were simple in the old tool.

Right now I'm very frustrated because I want to change the default rights for a group and I can't see any way to do that. I'm having to update each user manually.

If I go to Server Settings -> Groups, shouldn't I be able to set a default access for that group for all repositories? If I click Overview, it shows me all my repositories, but there's no way to set RCA access for groups.

And everything has such a ridiculously slow response.

The old (Windows-based) admin client had its quirks, but at least it worked.

You folks need some serious usability help when you're designing web-based software.

jeremy_sg
Posts: 1821
Joined: Thu Dec 18, 2003 11:39 am
Location: Sourcegear
Contact:

Post by jeremy_sg » Wed Aug 08, 2007 2:31 pm

Lane,

I may be confused as to what you're trying to do, but the old admin tool couldn't set default folder security for groups. There's just no way to do that in Vault. The reason we don't have that is that it would be really confusing if there were a user default and a group default. Which default should win? In every other case, the order of precedence is user default, group explicit setting, and user explicit setting.

As for the ridiculously slow response time, that does concern me quite a bit. We've reproduced a customer complaint where having many users and many repositories caused the Admin tool to perform very slowly, even when not dealing with users or repositories. We're working very hard to resolve this issue, and if you're interested, we'll let you know when we have a solution that you can try.

jeremy_sg
Posts: 1821
Joined: Thu Dec 18, 2003 11:39 am
Location: Sourcegear
Contact:

Post by jeremy_sg » Wed Aug 08, 2007 3:02 pm

One thing that should work, though is to apply folder security for a group to the $ node in a repository. You should be able to click the repository Name -> Folder Security and add an assignment for the group.

Lane
Posts: 85
Joined: Thu Oct 26, 2006 10:58 am

Post by Lane » Wed Aug 08, 2007 4:01 pm

I'm not talking about folder security. I'm talking about default Read, Check In/Check Out, and Add/Rename/Delete permissions. I am unable to set these at the group level. I want to assign a user to a group and have all their permissions inherited from that group, except where I explicitly override. Otherwise, what's the point of having groups?

Slow response times: When I check a checkbox, there is a delay while some behind-the-scenes action takes place. Seems like you have auto-postback turned on for every user control.

Changing user settings one at a time takes forever if I have to do more than one or two.

jeremy_sg
Posts: 1821
Joined: Thu Dec 18, 2003 11:39 am
Location: Sourcegear
Contact:

Post by jeremy_sg » Wed Aug 08, 2007 4:21 pm

Read, Check In/Check Out, and Add/Rename/Delete permissions is what we call folder security. You should be able to set a group to have Read, Check In/Check Out, and Add/Rename/Delete permissions on a folder in a repository, and have user permissions override group permissions. In order to do this, go to the Folder Security page for the repository, click on the $ node, and add a group assignment under the Group Rights section.

Please let me know if this doesn't work for you, because it should.

Lane
Posts: 85
Joined: Thu Oct 26, 2006 10:58 am

Post by Lane » Wed Aug 08, 2007 4:52 pm

No, this doesn't work, because I have not enabled folder security on most of the repositories. My understanding of folder security is that it allows different access to the folders within a repository. I'm talking about general default access to all repositories, and I don't want to set these permissions on a repository basis, because I have over 100 repositories in my database.

We have two user groups (in addition to the admin group). One of these groups had default RC permission; the other had default RCA permission. This was working fine in 3.5. When I got a new user, I assigned him/her to the appropriate group, and he/she got all the correct permissions for that group. I could also override these settings for individual users. I can't figure out how to do that in 4.0.

GregM
Posts: 485
Joined: Sat Mar 13, 2004 9:00 am

Post by GregM » Wed Aug 08, 2007 5:26 pm

That RC/RCA access doesn't do anything unless you have folder security enabled. If you don't have folder security enabled, it's all or nothing access to the repository for each user.

(I used to think it worked the way you described too, but found that it didn't after talking with support about it.)

jeremy_sg
Posts: 1821
Joined: Thu Dec 18, 2003 11:39 am
Location: Sourcegear
Contact:

Post by jeremy_sg » Thu Aug 09, 2007 7:42 am

Here's all the levels of security that have ever been in Vault:

Repository Access:
Every repository can specify which users can see its existence. Vault 4.0 added the ability to specify Repository Access settings for a group. The possible values are:
No Access
Access
Full Admin (New to 4.0, this means the user can administer the repository through the web based admin tool)

Folder Security:
In order to use folder security, it must be enabled for the repository. Folder security lets you specify which actions a user or group can perform on a repository. In order to use Folder Security, it must be enabled on the repository. Since the root folder of the repository is just another folder, you can control the user or groups permissions to the entire repository just by applying security rights to the root folder.

If a user is explicitly given rights to a folder, then that setting overrides any group or user default rights.
If a user is a member of a group that is explicitly given rights to a folder, that overrides the user's default rights.
If a user has no explicit user or group assignments, the user's default rights are used.

In all of this discussion, the thing that I keep worrying about is why the admin tool is so painfully slow for you. I want to make sure that when we get a fix for the slowdown that you're seeing, we get it to you as soon as possible.

Lane
Posts: 85
Joined: Thu Oct 26, 2006 10:58 am

Post by Lane » Thu Aug 09, 2007 9:16 am

Please consider this, then, a request to be able to do what I thought I could do all along: specify, by group, default R, C, and A permissions.

As far as the slowness, here are some examples:

On Repository.aspx, the Save button is disabled unless I change something. I check the box to enable folder security, and I get a wait cursor for about three seconds before the Save button is enabled.

When adding a new user (User.aspx), I enter a name, email, and login. I then have to tab off the login textbox and wait for the Save button to be enabled. Or if I click on the Assign to Groups listbox, I have to wait for it to be enabled. Same thing happens if I change an existing user from Active to Inactive.

These things aren't a big deal if I'm making one change at a time, but making changes for multiple users, this causes a lot of slow-down.

jeremy_sg
Posts: 1821
Joined: Thu Dec 18, 2003 11:39 am
Location: Sourcegear
Contact:

Post by jeremy_sg » Thu Aug 09, 2007 9:47 am

So that I know exactly what you want, where would you propose to put group default folder security in the list of folder security precedence above?

Lane
Posts: 85
Joined: Thu Oct 26, 2006 10:58 am

Post by Lane » Thu Aug 09, 2007 10:05 am

I would suggest that a user's default rights should always be inherited from his/her group membership. Without group membership, a user should only have those rights that are explicitly defined.

My addition is in bold below:

If a user is explicitly given rights to a folder, then that setting overrides any group or user default rights.
If a user is a member of a group that is explicitly given rights to a folder, that overrides the user's default rights.
If a user has no explicit user rights, and the user is a member of a group that has no explicit rights, the group's default rights are used.

If a user has no explicit user or group assignments, the user's default rights are used.

To put it another way, this is what I want to be able to do:

Create a group that has RCA permission on all repositories, regardless of whether folder security is turned on.

Create another group that has RC permission (but no A) on all repositories, regardless of whether folder security is turned on.

Create a third group with only R permissions.

Assign users to one of those groups so I can easily determine who can do what.

Then be able to override these settings for individual users by explicitly allowing (or disallowing) permissions on a given repository. Again, this should be available regardless of whether folder security is turned on.

I don't see any way to turn on folder security for all repositories.[/list]

jeremy_sg
Posts: 1821
Joined: Thu Dec 18, 2003 11:39 am
Location: Sourcegear
Contact:

Post by jeremy_sg » Thu Aug 09, 2007 1:43 pm

Lane,

We have a fix for the horribly slow admin tool that you're seeing. Please give me an email using the button below this post, and I'll send it to you.

-Jeremy

Locked