Example for controlling access to a project

Hello,

I'm looking for a clear example on how to configure and control access to a project. I've read the roles and projects sections and it sounds like it's possible, but the reading doesn't give a clear explanation for how to do it.

The scenario I am working with is:

We have three teams that need to trigger build and deploy actions in TeamCity.

We have one TC project per team.

We want all team members on team 1 to have the ability to view the build logs for project 1.

We want all team members on team 2 to have the ability to view the build logs for project 2.

We want all team members on team 3 to have the ability to view the build logs for project 3.

We want 'x' members from team 1 to be able to trigger builds on project 1.

We want 'x' members from team 2 to be able to trigger builds on project 2.

We want 'x' members from team 3 to be able to trigger builds on project 3.

These team members are not shared. So they need to be limited to only their project. There is a lot of finger pointing and frustration when a team accidentally deploys on the wrong project. It's also potentially an auditing issue for our company.

We have 2 'super-members' that we want to be able to trigger builds on all 3 projects.

So far it is intuitive to create groups. Role creation is less intuitive -- since they seem to be global ... "like this role can build". I see no way or documentation on how to assign a role to a specific project.

1 comment

Hi John,

Our documentation on managing groups is here: https://confluence.jetbrains.com/display/TCD10/Managing+Users+and+User+Groups#ManagingUsersandUserGroups-ManagingUserGroups. Basically, you add the permissions to the roles, then can assign the roles to either users or groups, and the users/groups can then be assigned to roles on a per-project basis. Groups are usually easier to handle and to manage, but granting roles to individual users is also possible.

There are two possibilities:
- Set up a group per project, give the group a role that contains all the shared permissions, then grant the users that have extra permissions those extra permissions individually through a role.
- Set up a group for each project and role (p1_build-log-viewer, p1_runner, p2_build-log-viewer, p2_runner, admin). Then access administration - groups - <group name> - roles and add the particular role with the right permissions to the group you want for the project you want.

Cross-project permissions aren't mandatory but are possible through this setup: simply assign the designated users to multiple groups (or to a group that has permissions over several projects/root project).

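As an added example (not from the original thread and not TeamCity's own code), this models the second option above, one group per project and role, and checks that nobody other than the super-members holds a permission on another team's project. The role names, permission names, user names and the root-project scope behaviour are assumptions made for the illustration.

```python
# Constructed model of "one group per project and role".
# Role and permission names are hypothetical labels, not TeamCity identifiers.
ROLES = {
    "log_viewer": {"view_build_log"},
    "build_runner": {"view_build_log", "run_build"},
}
ROOT = "_Root"  # assumption: a role granted on the root project covers every project
PROJECTS = {"project1", "project2", "project3"}

# group -> list of (role, project scope); group names follow the answer's pattern
GROUP_ROLES = {
    "p1_build-log-viewer": [("log_viewer", "project1")],
    "p1_runner": [("build_runner", "project1")],
    "p2_build-log-viewer": [("log_viewer", "project2")],
    "p2_runner": [("build_runner", "project2")],
    "admin": [("build_runner", ROOT)],
}
# user -> groups (constructed sample users)
MEMBERS = {
    "alice": ["p1_build-log-viewer"],
    "bob": ["p1_build-log-viewer", "p1_runner"],
    "carol": ["p2_build-log-viewer", "p2_runner"],
    "dave": ["admin"],
    "erin": ["p1_runner", "p2_runner"],  # misassigned: spans two teams
}
HOME = {"alice": "project1", "bob": "project1", "carol": "project2", "erin": "project1"}
SUPER = {"dave"}  # the 'super-members' allowed on every project

def effective(user):
    """Return {project: set(permissions)} for a user across all groups."""
    perms = {p: set() for p in PROJECTS}
    for group in MEMBERS.get(user, []):
        for role, scope in GROUP_ROLES.get(group, []):
            targets = PROJECTS if scope == ROOT else {scope}
            for project in targets:
                perms[project] |= ROLES[role]
    return perms

def violations():
    """List (user, project, permission) grants outside the user's own project."""
    found = []
    for user in MEMBERS:
        if user in SUPER:
            continue
        for project, perms in effective(user).items():
            if project != HOME.get(user):
                found += [(user, project, p) for p in sorted(perms)]
    return sorted(found)
```

Running `violations()` against an exported group and role mapping before each access review gives an auditable list of out-of-scope grants.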