Users & Roles in Lifetime

Users & Roles in Lifetime

I just watched the Lifetime webinar you guys did and I was trying out some stuff in our servers and then I got stuck trying something... Here's the scenario:
  1. I created a new ExternalDeveloper role with permissions to List Applications
  2. I created a user ang gave him the new role
  3. I setted a few Change & Deploy permissions to some applications
Now the user still has list access to All Other Applications and if I try to set the permissions for some of these applications the lowest setting is List Versions.

I think we should have the No Access setting for the remaining applications and prevent the user from seeing them.

Right now with the List Applications setting in the role the user will still have the option to see remaining applications/espaces/extensions. I don't think this is the best behaviour to have but I would like to know what's your oppinion.


Hi João,

The security mode with LifeTime is a bit different than the old one.
That is one of the changes. A developer can list all applications if it has access to the environment.

There were multiple reasons for that change.
The main reason is that when planning stagings of an application, users need to have context about the dependencies.
Even if they can't change them, they can still plan a deployment to be approved later.
If there were applications that he could not see, then it would be impossible. And we couldn't even give any "fix" suggestions because for that user those applications would not exist.

There is also the situation where you have reusable components on your server.
They are there to make life usefull for the developers (and to reduce maintenance costs).
But since developers don't see it, they can't ask anyone for permissions (or to refactor some eSpace/extension into a shared component). So he will code it once again.

(There are more reasons that I can remember, but I guess those are the 2 most important ones)

João Rosado

Will that webinar become available somewhere? This was always done with other webinars, couldn't join that day :-(.

Kind regards,
Evert van der zalm wrote:

Will that webinar become available somewhere? This was always done with other webinars, couldn't join that day :-(.

Kind regards,
 Hi Evert,

I believe it will be available soon, as usual with other webinars.

I'd like to add a few questions to this thread that are related.
  1. I'd like to set up a role for a lead developer that has configure infrastructure access for the DEV environment but not for QA and PROD, Lifetime currently limite configure infrastructure only to be set for all environments.  We need a role that has more access than change and deploy to DEV but not to PROD, is there any way around this limitation?
  2. Roles cannot be granted application specific levels, only uses.  THis goes agains our role bsed access security standards.  IS there any work arund for this limimtation? 

Hi Gary,

Regarding the first question I think you misunderstood lifetime permission levels. The Configure Infrastructure permission is cross environment and a Role with that permission gives the ability to configure users on lifetime. If you want a user to be able to configure an environment (environment settings, database connections, zones, etc.) you have to set the its Role permission level for that environment to 'Full control'.

Regarding the second question, currently you have to setup application specific levels for each user.

Thanks João,

Your correct I think I misstated my concern on the full control, that is the setting to do what I need.

Are there any thoughts to setting application access levels to a role in addition to a user?