Updated on 2023-12-14 GMT+08:00

Permission Management

CodeArts Req uses IAM to centrally manage permissions for multiple projects of a tenant. In a single project, permissions are managed based on specific project settings. There are two types of permissions managed in CodeArts Req: cloud-service-level permissions and project-level permissions.

  • Cloud-service-level permissions are configured using IAM. For more information about IAM, see IAM Service Overview.
  • Project-level permissions are configured using CodeArts Req.

Cloud-Service-Level Permissions

More than one project can be created for an account. By default, only the account can configure whether IAM users are allowed to create projects, and only the account can view all projects and members. In some enterprise scenarios, an account can use fine-grained permissions management to grant these configuration permissions to some IAM users.

IAM users do not have these permissions by default. To grant them, use the account to add the IAM user to a user group in IAM and assign permissions policies to the user group. This process is called authorization.

CodeArts Req is deployed by physical region and is a project-level service (related to project-based authorization in IAM). Therefore, when assigning permissions, select Region-specific projects for Scope, and then set permissions in the project corresponding to the specified region. The permissions take effect for the project after being set.

If you set permissions for All projects, the permissions will take effect for all region-specific projects.

In IAM, you can grant users permissions by using roles and policies. CodeArts Req uses policy-based authorization to meet the requirements of enterprises for flexible and refined permissions management.

Table 1 describes the system permissions supported by CodeArts Req.

Table 1 System permissions

| Policy Name | Description | Policy Type | Policy Content |
|---|---|---|---|
| ProjectMan ConfigOperations | Operation permissions for a CodeArts Req project | System-defined policy | Table 2 |

Table 2 ProjectMan ConfigOperations policy content

| Operation | Fine-grained Authorization Supported | Description |
|---|---|---|
| Create IAM users and import them in batches | Yes | Grant this permission to use the function in All Account Settings > General > IAM Users to import IAM users in batches. |
| Set project templates | Yes | Grant this permission to use the function in All Account Settings > Work > Project Templates to edit project templates. |
| Delete project templates | Yes | Grant this permission to use the function in All Account Settings > Work > Project Templates to delete project templates. |
| View permitted users who can create projects | Yes | Grant this permission to use the function in All Account Settings > General > Project Creators to view the permitted users. |
| Set IAM user permissions for creating projects | Yes | Grant this permission to use the function in All Account Settings > General > Project Creators to set users who have the permissions for creating projects. |
| View projects under a tenant | Yes | Grant this permission to use the function in All Account Settings > General > Projects and Members to view all projects. |
| Join a project under a tenant | Yes | Grant this permission to use the function in All Account Settings > General > Projects and Members to join any project. By default, the role of a newly added member is Project manager. |
| Delete projects | Yes | Grant this permission to use the function in All Account Settings > General > Projects and Members to delete projects. |
| View the members of all projects | Yes | Grant this permission to use the function in All Account Settings > General > Projects and Members to view the members of all projects. |
| Delete any project member under a tenant | Yes | Grant this permission to use the function in All Account Settings > General > Projects and Members to delete one or more project members. |
| Set a new work item creator | Yes | Grant this permission to set other users as the work item creators. |
| Bind an enterprise project | Yes | Grant this permission to bind a CodeArts project to an enterprise project when creating or upgrading enterprise projects. |

Project-Level Permissions

You can set permissions for each project you created in CodeArts Req. The permission settings of each project are independent of those of any other projects.

In CodeArts Req, roles are classified into three types: administrators (project creators, project managers, and test managers), development personnel (developers, testers, and participants), and viewers.

  • Project creators: creators of projects
  • Project managers: administrators of development
  • Test managers: administrators of testing
  • Developers: personnel responsible for development
  • Testers: personnel responsible for testing
  • Participants: personnel who contribute to projects
  • Viewers: members who follow or browse projects

Table 3 Default roles and their permissions

Columns: Role | Project | Sprint | Work Item | Settings (Member/Notification/Module/Domain/Custom Item/Review) | Report | Document management

Project creator

  • Edit projects
  • Delete projects
  • Archive projects
  • Transfer projects
  • Create sprints
  • Edit sprints
  • Delete sprints
  • Configure statuses

  • Create work items
  • Copy work items
  • Edit work items
  • Delete work items
  • Import work items
  • Export work items
  • Add, edit, and remove members, edit member roles, and review member addition requests
  • Create, edit and delete roles and edit role permissions
  • Edit work item templates, configure statuses and transitions, configure common fields, and add, delete, and edit common statuses
  • Add, edit, and delete modules
  • Add, edit, and delete domains
  • Edit notification items
  • Create reports
  • Edit reports
  • Delete reports
  • Move reports
  • Export reports
  • Create categories
  • Rename categories
  • Move categories
  • Delete categories
  • Create, edit, and delete directories
  • Upload, download, delete, and edit documents

Project manager

  • Do not have the permission to delete projects.
  • Do not have the permission to hand over the project creator.
  • Archive projects
  • Edit projects

Test manager

Developer

  • View permissions
  • View permissions
  • Create work items
  • Copy work items
  • Import work items
  • Export work items
  • Edit only work items created or handled by themselves
  • Delete only work items created by themselves
  • View only the Members page
  • Create reports
  • Create categories
  • Export reports
  • Edit and delete only reports created by themselves
  • Have no permission to delete documents or directories
  • Have the same permission as project creators

Tester

  • View permissions
  • View permissions

Participant

  • View permissions
  • View permissions

Viewer

  • View permissions
  • View permissions
  • View permissions
  • View only the Members page
  • Query and preview reports
  • View, preview, and download documents