Security Settings Examples

A collection of information about Vault, including solutions to common problems.

Moderator: SourceGear

Post Reply
Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Security Settings Examples

Post by Beth » Mon Feb 04, 2013 9:11 am

Table of Contents
(articles are not in the same order as the index, use the links)

Please note that some of the examples use older screenshots and are only updated when something has changed. Despite a color change, the UI works the same.

Examples without Groups
Examples with Groups
Work Item Tracking Security (Vault Professional Only)
Beth Kieler
SourceGear Technical Support

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Re: Security Settings Examples

Post by Beth » Mon Feb 04, 2013 9:20 am

Folder Security example where the default access is deny.

1) Select Default Repository and ensure No Access is the default setting.
fig1.JPG
fig1.JPG (63.94 KiB) Viewed 51947 times
2) Under the repository, click on Groups and create a new group.
fig2.JPG
fig2.JPG (45.77 KiB) Viewed 51947 times
3) Assign the group to have repository access.
fig3.JPG
fig3.JPG (25.92 KiB) Viewed 51947 times
4) You will then notice that the rights for the users in the group changed to match the group rights.
fig4.JPG
fig4.JPG (12.75 KiB) Viewed 51947 times
5) On the Folder Security page, the users that have access have listed their defaults based upon their repository access that came from the group.
fig5.JPG
fig5.JPG (45.72 KiB) Viewed 51947 times
6) Since we want these users to only access 2 particular folders, Folder1 and Folder4, we will deny them access at $ using the group.
fig6.JPG
fig6.JPG (42.28 KiB) Viewed 51947 times
7) Notice farther down that the subfolders show where the rights were inherited from.
fig7.JPG
fig7.JPG (41.38 KiB) Viewed 51947 times
8_) At Folder1 we edit the group rights.
fig8.JPG
fig8.JPG (43.34 KiB) Viewed 51947 times
9) At Folder4 we edit the group rights.
fig9.JPG
fig9.JPG (42.19 KiB) Viewed 51947 times
10) Now when we look at the repository, we see that the user only has access to Folder1 and Folder4. It looks like the user has more access, because there is another folder, but that is actually a share. A user gets rights to both sides of a share. There are other files and folders under the Branches folder that the user doesn’t see because access has only been allowed to Folder1.
fig10.JPG
fig10.JPG (17.78 KiB) Viewed 51947 times
Beth Kieler
SourceGear Technical Support

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Re: Security Settings Examples

Post by Beth » Mon Feb 04, 2013 9:43 am

Folder Security where users have repository access but default to read-only.

***In this example, all users have their defaults set to repository access and read-only.

1) Repository default access is set at the repository in the admin web page.
fig1.JPG
fig1.JPG (61.8 KiB) Viewed 51947 times
2) When adding a user, set the default rights to Read.
fig2.JPG
fig2.JPG (36.52 KiB) Viewed 51947 times
3) A group only has the default settings of Access or No Access to a repository.
fig3.JPG
fig3.JPG (35.1 KiB) Viewed 51947 times
4) Further group rights can be defined in Folder Security. In this case, we will give RCA rights to the group at $. Notice, the users are not yet affected. None have been added to the group.
fig4.JPG
fig4.JPG (52.03 KiB) Viewed 51947 times
5) Now we will add user1 to the group and user1’s rights will reflect the group and have full RCA rights to all repository folders.
fig5.JPG
fig5.JPG (43.69 KiB) Viewed 51947 times
6) We will create a second group and that will be for users who should only have RCA rights to Folder4 and Folder5.
fig6.JPG
fig6.JPG (20.27 KiB) Viewed 51947 times
7) I set the group to have access to the repository, but then no access at $.
fig7.JPG
fig7.JPG (54.7 KiB) Viewed 51947 times
8_) At Folder4 and Folder5 I gave the group RCA rights. Those rights are now reflected by user2 and user3.
fig8.JPG
fig8.JPG (53.35 KiB) Viewed 51947 times
Beth Kieler
SourceGear Technical Support

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Re: Security Settings Examples

Post by Beth » Mon Feb 04, 2013 10:50 am

Ensuring Repository Access

1) When creating a new user, check their default security rights.
fig1.JPG
fig1.JPG (29.92 KiB) Viewed 51947 times
2) Go to the repository the user needs access to, and check what the repository default is as well as what rights the user is showing.
fig2.JPG
fig2.JPG (35.84 KiB) Viewed 51947 times
3) If the user has access, but doesn’t see anything, then check to see if Folder Security is turned on. That is found in the initial repository settings.
fig3.JPG
fig3.JPG (21.61 KiB) Viewed 51947 times
4) If folder security is turned on, then go to the folder security link to troubleshoot the settings at root or areas below root.
fig4.JPG
fig4.JPG (24.46 KiB) Viewed 51947 times
Beth Kieler
SourceGear Technical Support

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Re: Security Settings Examples

Post by Beth » Mon Feb 04, 2013 10:56 am

Creating a group that can administrate a repository

1) Expand the repository you would like the group to have administrative rights to. Click on Groups. Click Add on the right side to add a new group.
fig1.JPG
fig1.JPG (16.02 KiB) Viewed 51947 times
2) Give the group a name and add which users you want to be in that group. Click Save.
fig2.JPG
fig2.JPG (40.08 KiB) Viewed 51947 times
3) On the left, click on Repository Access. Under Groups on the right, select the group, give it Full Admin rights, and click Assign.
fig3.JPG
fig3.JPG (25.02 KiB) Viewed 51947 times
4) On the same Repository Access page, if you look down to individual users, you will see the person assigned will inherit the rights.
fig4.JPG
fig4.JPG (11.39 KiB) Viewed 51947 times
When the user that belongs to the new group logs in, they will see they can perform administrative tasks only on the repository they were given rights to.
Beth Kieler
SourceGear Technical Support

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Re: Security Settings Examples

Post by Beth » Fri Oct 16, 2015 3:59 pm

Shared Administration

When you add a new group under a repository or a project, you may notice towards the bottom that there is a section called Shared Administration and a list of the repositories. What this section does is allow administrators from other repositories or projects, who are not Global Administrators, edit the repository for which you are creating the new group. If a user was already a Global Administrator, then that user already has rights to modify any administrative setting.

The setting "Admins can use this group" allows admins of the listed repository to also edit the security settings on this repository or project.

The setting "Admins can use and modify this group" allows admins of the listed repository to not only change the security, but to also change settings of the group you are creating.

For example, if I created a new group for my Initial Repository, and I want admins of C Code to be able to edit this group and security as well, I would click the drop down for C Code and select "Admins can use and modify this group."
Attachments
Shared Administration.jpg
Shared Administration.jpg (56.15 KiB) Viewed 47085 times
Beth Kieler
SourceGear Technical Support

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear
Contact:

Re: Security Settings Examples

Post by Beth » Wed Sep 14, 2016 2:47 pm

Work Item Tracking Security


Admins can create multiple work item projects and change the security for each one.

1) After a project is created, an administrator needs to go to Project Access in the Vault admin web page.
ProjectAcces.JPG
ProjectAcces.JPG (58.49 KiB) Viewed 44777 times
2) Scroll down to see the users that can have rights. There a user can be given Read Only, Modify, or Full Admin rights to the project. This applies to work items.
project user rights.JPG
project user rights.JPG (21.18 KiB) Viewed 44777 times

3) If in a project there needs to be a division of work items all users can see and work items users can't see, then one can turn on the Public/Private option. These items aren't public to non-Vault users, but can be seen by all users. Private items are only seen by those allowed to see both Public and Private items.

Remember to click Save after turning on public items.
set public.JPG
set public.JPG (60.56 KiB) Viewed 44777 times
4) The easiest way to give users rights to private items is to create a Group.
public private group.JPG
public private group.JPG (65.62 KiB) Viewed 44777 times
5) When users add work items, they will mark the items as public if they want all Vault users who have access to that project to see that work item.
make public.JPG
make public.JPG (44.73 KiB) Viewed 44777 times
Beth Kieler
SourceGear Technical Support

Post Reply