user group based access to issues

General discussion of Mantis.

Moderators: Contributor, Developer

Post Reply
pstanton
Posts: 3
Joined: Sep 30, 2008 9:48 pm

user group based access to issues

Post by pstanton » May 15, 2018 4:28 am

I'd like to control who sees which issues so that "customer A" cannot see "customer B" issues, while "developers" can see both.

Secondarily, that anonymous users can submit issues that only them and "developers" can see.

How would you achieve this?

atrol
Site Admin
Posts: 7052
Joined: Mar 26, 2008 4:37 pm
Location: Germany

Re: user group based access to issues

Post by atrol » May 15, 2018 5:43 am

pstanton wrote:
May 15, 2018 4:28 am
I'd like to control who sees which issues so that "customer A" cannot see "customer B" issues, while "developers" can see both.
There are no user groups in Mantis, just access levels that can be assigned to users.
You have to create two separate private projects for that.
Another option could be to set option $g_limit_reporters = ON if you wish to limit reporters to only viewing bugs that they reported.
pstanton wrote:
May 15, 2018 4:28 am
Secondarily, that anonymous users can submit issues that only them and "developers" can see.
I have no idea what you mean with this.
"anonymous" means that the system does not know which person reported an issue, so how should the system be able to prevent someone from viewing an issue?
Please use Search before posting and read the Manual

pstanton
Posts: 3
Joined: Sep 30, 2008 9:48 pm

Re: user group based access to issues

Post by pstanton » May 15, 2018 5:59 am

the second part i think is answered by "Another option could be to set option $g_limit_reporters = ON if you wish to limit reporters to only viewing bugs that they reported.", however would this be system wide or can it be set for a particular project?

atrol
Site Admin
Posts: 7052
Joined: Mar 26, 2008 4:37 pm
Location: Germany

Re: user group based access to issues

Post by atrol » May 15, 2018 8:10 am

pstanton wrote:
May 15, 2018 5:59 am
can it be set for a particular project?
It can be set by using page Manage > Manage Configuration > Configuration report
At the bottom of the page:
- Choose the project you want to set in field "Project Name"
- Set "Configuration Option" to limit_reporters
- Set "Type" to "Integer"
- Set "Value" to 1
Please use Search before posting and read the Manual

jsonr
Posts: 3
Joined: Apr 24, 2018 7:59 pm

Re: user group based access to issues

Post by jsonr » May 18, 2018 11:27 am

What I do to achieve part of what you want is the following:

1. Make all projects private. This stops the projects and any issues within them from being visible to all users by default.
2. Give internal users a default access level of at least REPORTER.
3. Give external users a default access level of VIEWER.
4. Set $g_private_project_threshold = REPORTER (this allows all internal users to see all without explicitly adding them to every project)
5. Add external users explicitly to the projects they are allowed to see.

You could probably bump these up a level, giving external users REPORTER permission by default so they can report bugs, but requiring at least UPDATER to view private projects. I don't see any way you could let users report bugs without seeing the project though. Perhaps the settings to make issues private by default would do this, but it isn't part of my current requirements so I haven't tested it.

Post Reply