Users & Roles in Lifetime

thumbs_up_ico0thumbs_down_ico0
post_link_ico
I just watched the Lifetime webinar you guys did and I was trying out some stuff in our servers and then I got stuck trying something... Here's the scenario:
  1. I created a new ExternalDeveloper role with permissions to List Applications
  2. I created a user ang gave him the new role
  3. I setted a few Change & Deploy permissions to some applications
Now the user still has list access to All Other Applications and if I try to set the permissions for some of these applications the lowest setting is List Versions.

I think we should have the No Access setting for the remaining applications and prevent the user from seeing them.

Right now with the List Applications setting in the role the user will still have the option to see remaining applications/espaces/extensions. I don't think this is the best behaviour to have but I would like to know what's your oppinion.

Thanks,
João


thumbs_up_ico2thumbs_down_ico0
post_link_ico
Hi João,

The security mode with LifeTime is a bit different than the old one.
That is one of the changes. A developer can list all applications if it has access to the environment.

There were multiple reasons for that change.
The main reason is that when planning stagings of an application, users need to have context about the dependencies.
Even if they can't change them, they can still plan a deployment to be approved later.
If there were applications that he could not see, then it would be impossible. And we couldn't even give any "fix" suggestions because for that user those applications would not exist.

There is also the situation where you have reusable components on your server.
They are there to make life usefull for the developers (and to reduce maintenance costs).
But since developers don't see it, they can't ask anyone for permissions (or to refactor some eSpace/extension into a shared component). So he will code it once again.

(There are more reasons that I can remember, but I guess those are the 2 most important ones)

Regards,
João Rosado
thumbs_up_ico0thumbs_down_ico0
post_link_ico
Hi,

Will that webinar become available somewhere? This was always done with other webinars, couldn't join that day :-(.

Kind regards,
Evert
thumbs_up_ico0thumbs_down_ico0
post_link_ico
Evert van der zalm wrote:
Hi,

Will that webinar become available somewhere? This was always done with other webinars, couldn't join that day :-(.

Kind regards,
Evert
 
 Hi Evert,

I believe it will be available soon, as usual with other webinars.

Regards,
João
thumbs_up_ico1thumbs_down_ico0
post_link_ico
I'd like to add a few questions to this thread that are related.
  1. I'd like to set up a role for a lead developer that has configure infrastructure access for the DEV environment but not for QA and PROD, Lifetime currently limite configure infrastructure only to be set for all environments.  We need a role that has more access than change and deploy to DEV but not to PROD, is there any way around this limitation?
  2. Roles cannot be granted application specific levels, only uses.  THis goes agains our role bsed access security standards.  IS there any work arund for this limimtation? 

 
 
thumbs_up_ico1thumbs_down_ico0
post_link_ico
Hi Gary,

Regarding the first question I think you misunderstood lifetime permission levels. The Configure Infrastructure permission is cross environment and a Role with that permission gives the ability to configure users on lifetime. If you want a user to be able to configure an environment (environment settings, database connections, zones, etc.) you have to set the its Role permission level for that environment to 'Full control'.

Regarding the second question, currently you have to setup application specific levels for each user.

Regards
thumbs_up_ico0thumbs_down_ico0
post_link_ico
Thanks João,

Your correct I think I misstated my concern on the full control, that is the setting to do what I need.

Are there any thoughts to setting application access levels to a role in addition to a user?



Login to reply
Something on your mind?
Top Forums Posters
See leaderboard
Online Training
On-demand video lessons to help you learn at your own pace.
Learn More
Community
Forums
Academy
Forge
Ideas
About Us
Office Locations
OutSystems Network
Contact OutSystems
Legal Info
Terms of Use
Privacy Policy
Use of Cookies
 OutSystems© All rights reserved. Custom built with (h) and (o)