Users can see bugs outside their group (Even with strict isolation turned on)
I have a server I just upgraded to Bugzilla 3.2.3
and was doing some testing.
If I log in as a user restricted to a specific
project using a group control of Mandatory/Mandatory,
I can see the other products and view their bugs
even though I have strict isolation set in the
Is there a way to restrict users to only be able
to see bugs within the products they have access
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
...bug ?? Relogin with different user, can see the last access page of the previous user logout using LoginStatus ??
I still dont understand why when user click Logout on the LoginStatus link, it does not clean up his last page access. When another user ( with different role too) login using the same IE window, he get redirect to the previous user's last page access. Surprise to me and it looks like a security flaw.
And thus i have to manually put codes to run formauthentication.signout as what Asp.net 1.1 usually do !!
Why loginstatus does not clean up the last user session ?? And furthermore, is there any method in loginstatu...Preventing user/groups from seeing bugs
Hi, I was succesful in preventing users/groups from entering bugs for
certain products and to prevent modification to certain products.
Is there a way to simply make some products invisible to some user
and/or have some user/groups not be able to see all bugs from some
> Hi, I was succesful in preventing users/groups from entering bugs for
> certain products and to prevent modification to certain products.
> Is there a way to simply make some products invisible to some user
> and/or have some user/groups not be able to see all bugs ...Limiting a user so he/she can only see the bugs they have reported
Is it possible to limit a user so he/she can only see the bugs he/she has
It seems possible from the documentation to do this with groups, but I think
that would mean putting group access grants/restrictions retrospectively on
all our bugs (1300 and counting).
Or am I misunderstanding something?
(The problem to solve is that we have a person who submits excellent bugs in
a forum setting but is not yet fully approved trusted with full access to
the Bugzilla catalogue. It will take some while to approve him as trusted
through our process...restrict bug visibility for users ouside our mail-domain to see only their own bugs
I would like to configure our product in such a way, that bug reporters from outside our mail-domain can
1.) enter new bugs
2.) only search/browse/track status of their own bugs
3.) comment and add attachments to their own bugs (not changing bug status, assignee, ...)
How can I achieve this (if possible at all)?
...Using Bugzilla Groups to Limit User Group to Group Bugs
I am maintaining my company's Bugzilla installation, and I am
currently investigating whether or not it is possible with Bugzilla's
current Group Permissions capabilities to achieve a certain isolation
Let's say we have three Products A, B, and C and two Clients 1 and 2.
We would like to make it so that all staff can see, edit, and modify
all bugs for Products A, B, and C while Client 1 can only see, edit,
and modify bugs that someone from Client 1 has entered for Product A
and Client 2 can only see, edit, and modify bugs that someone from
Client 2 has entered for ...access control: non-privileged users can only see their bugs
I'd like to tweak bugzilla's access control to that normal
(unprivileged) users can only
a) see certain products
b) add new bugs there
c) see only their own bugs
So, for example, an customer can add a new issue and read it any
time, but not bugs of other people. Only specially authorized
people should be allowed to read and edit all bugs.
How can I do this ?
Enrico Weigelt == metux IT service - http://www.metux.de/
-----------------------------------------...RE: setup restricted users (can only edit/see bugs in a singleproduct)
Just to build on what Raghu mentioned; in the groups section make sure that you delete the ".*" from the editbugs group. ".*" allows everyone that logs in (if you have accounts setup) to editbugs. This will make the settings below work as expected. When I was novice to bugzilla, I failed to see it until I looked more closely at the group table(Administration link->Groups link. this will display existing default groups in bugzilla).
On Tue, 31 Jan 2012 11:48:12 +0530, "Raghu Kumar C" <email@example.com> wrote:
--------...setup restricted users (can only edit/see bugs in a single product)
Can I setup users that will only have access to see, create and edit
bugs in a single product? If so can someone send me a n example of how
to do this?
Thanks in advance
...Why no "Mandatory/NA"? (Was: Using Bugzilla Groups to Limit User Group to Group Bugs)
Thanks for the input. I had come to that conclusion myself but wanted
to make sure that I wasn't missing something by seeing what people on
the list thought of the situation.
Is there some design reason why Bugzilla doesn't allow Mandatory/NA
for the MemberControl/OtherControl setting combination? I have made
some customizations to our install before and am considering making
one to it now to allow Mandatory/NA.
> If you can live with clients being able to opt out of restricting
> their bugs, you can make the client groups Default/NA.
For simplicities sake...Use Group Security in order to prevent Users seeing Users from another Groups?
maybe this matter was asked before, but I did not see it... *sorry* in that
We have to prevent users being members in a group A (editing bugs in a
product A) seeing other users which are memebers in a group B for another
product B. Is something like this possible to model with Bugzilla's group
security (we are using Bugzilla version 3.4.5)? Or any other Bugzilla
Any hints are welcome!
-Thanks in advance,
View this message in context: http://old.nabble.com/Use-Group-Security-in-order-to-prevent-Users-seeing-Users-from-anot...user should see only bugs related to him?
If user is in 3 products.
He should see the bugs related only to those 3 products while searching,
this we can set in group permissions.
But while searching the bugs he is able to view and select other products
also which are not related to him.
How to set the group permission so that he can only see the products to
which he is linked while searching?
...Allow users to see only their own bugs
I'd like to make bugs (in certain products) only visible to
the originating user and specially authorized users.
How can I implement this ?
Enrico Weigelt == metux IT service
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: firstname.lastname@example.org
cellphone: +49 174 7066481
...Find bug and Search ALL returns all bugs for all users including restricted users.
Is there a way to restrict users to only see certain bugs, even thru Find
Bug# and Search(ALL) bugs functions? I have version 2.18.3 of bugzilla, and
I don't know if this function has already been implemented in the future
Software Quality Assurance
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use o...