Permission Management
CodeArts Req uses IAM to centrally manage permissions for multiple projects of a tenant. In a single project, permissions are managed based on specific project settings. There are two types of permissions managed in CodeArts Req: cloud-service-level permissions and project-level permissions.
- Cloud-service-level permissions are configured using IAM. For more information about IAM, see IAM Service Overview.
- Project-level permissions are configured using CodeArts Req.
Cloud-Service-Level Permissions
More than one project can be created for an account. By default, only accounts can configure whether to allow IAM users to create projects and can view all projects and members. In some enterprise scenarios, an account can use fine-grained permissions management to grant configuration permissions to some IAM users.
IAM users do not have these permissions by default. To do so, you use the account to add an IAM user to a user group in IAM and assign permissions policies to the user group. This process is called authorization.
CodeArts Req is deployed by physical region and is a project-level service (related to project-based authorization in IAM). Therefore, when assigning permissions, select Region-specific projects for Scope, and then set permissions in the project corresponding to the specified region. The permissions take effect for the project after being set.
If you set permissions for All projects, the permissions will take effect for all region-specific projects.
In IAM, you can grant users permissions by using roles and policies. (For details, see IAM Service Overview.) CodeArts Req uses policy-based authorization to meet the requirements of enterprises for flexible and refined permissions management.
Table 1 describes the system permissions supported by CodeArts Req.
Policy Name |
Description |
Policy Type |
Policy Content |
---|---|---|---|
CodeArts Req ConfigOperations |
Operation permissions for a CodeArts Req project |
System-defined policy |
Operation |
Fine-grained Authorization Supported |
Description |
---|---|---|
Create IAM users and import them in batches |
Yes |
Grant this permission to use the function in to import IAM users in batches. |
Modify project templates |
Yes |
Grant this permission to use the function in All Account Settings > to edit project templates. |
Delete project templates |
Yes |
Grant this permission to use the function in All Account Settings > to delete project templates. |
View permitted users who can create projects |
Yes |
Grant this permission to use the function in All Account Settings > General > Project Creators to view the permitted users. |
Set IAM user permissions for creating projects |
Yes |
Grant this permission to use the function in All Account Settings > General > Project Creators to set users who have the permissions for creating projects. |
View projects under a tenant |
Yes |
Grant this permission to use the function in All Account Settings > General > Projects and Members to view all projects. |
Join a project under a tenant |
Yes |
Grant this permission to use the function in All Account Settings > General > Projects and Members to join any projects. By default, the role of a newly added member is Project manager. |
Delete projects |
Yes |
Grant this permission to use the function in All Account Settings > General > Projects and Members to delete projects. |
View the members of all projects |
Yes |
Grant this permission to use the function in All Account Settings > General > Projects and Members to view the members of all projects. |
Delete any project member under a tenant |
Yes |
Grant this permission to use the function in All Account Settings > General > Projects and Members to delete one or more project members. |
Set a new work item creator |
Yes |
Grant this permission to set other users as the work item creators. |
Bind an enterprise project |
Yes |
Grant this permission to bind a CodeArts project to an enterprise project when creating or upgrading enterprise projects. |
Project-Level Permissions
You can set permissions for each project you created in CodeArts Req. The permission settings of each project are independent of those of any other projects.
Project management contains three types of roles: project managers (project administrators, project managers, test managers, product managers, and system engineers), developers (committers, developers, testers, and participants), and viewers and O&M managers.
- Project administrators: creators of a project
- Project managers: administrators of development
- Test managers: administrators of testing
- Product managers: requirement analysis managers of a project
- System engineers: architecture analysis managers of a project
- Committers: personnel who participate in project development
- Developers: personnel who participate in project development
- Testers: personnel who participate in project testing
- Participants: personnel who contribute to projects
- Viewers: members who follow or browse projects
- O&M managers: personnel responsible for O&M
Module |
Permission |
Project Administrator |
Project Manager |
Product Manager |
System Engineer |
Committer |
Test Manager |
Developer |
Tester |
O&M Manager |
Participant |
Viewer |
---|---|---|---|---|---|---|---|---|---|---|---|---|
RRs
|
View |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Create/Submit/Copy |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
N |
|
Edit |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Upload attachments |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Add person-hours |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete/Restore/Delete permanently |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Cancel/Restart |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Break down/Associate/Disassociate/Cancel association of child requirements |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Create/Associate/Disassociate work items |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate files |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate wikis |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Assign |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Suspend/Cancel suspensions |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Configure statuses |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Import |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Export |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Feature sets
|
Inherit |
Y |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
Create |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Edit |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Add existing FEs |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Import |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Baseline snapshots |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
View snapshot versions |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Compare snapshots |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
FEs
|
View |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Create/Copy |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Edit |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Upload attachments |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Add person-hours |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete/Restore/Delete permanently |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Configure statuses |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Break down/Associate/Disassociate child FEs |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Break down/Associate/Disassociate child requirements |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Create/Associate/Disassociate work items |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Baseline/Cancel baselines |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Import |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Export |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate files |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate wikis |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
View historical versions |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
R&D requirements
|
View |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Create/Copy |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Edit |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Upload attachments |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Add person-hours |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Delete/Restore/Delete permanently |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Configure statuses |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Break down child requirements |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate work items |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Baseline/Cancel baselines |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Assign/Cancel assignments |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate wikis |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate files |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Migrate |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Import |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Export |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Tasks
|
View |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Create/Copy |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Edit |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Upload attachments |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Add person-hours |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Delete/Restore/Delete permanently |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Configure statuses |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Break down/Disassociate child tasks |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate parent tasks |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate work items |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate wikis |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate documents |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Import |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Export |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Bugs
|
View |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Create/Copy |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Edit |
Y |
Y |
Y |
Y |
Y |
Y |
N |
N |
N |
N |
N |
|
Upload attachments |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Add person-hours |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Delete/Restore/Delete permanently |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Associate/Disassociate work items |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate test plans |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
N |
|
Associate/Disassociate wikis |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Associate/Disassociate files |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Migrate |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Assign |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Suspend/Cancel suspensions |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Configure statuses |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Import |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Export |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Reviews
|
View |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Edit/Cancel |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Delete |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Export |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|
Plan management
|
Create |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
Edit |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Delete |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Baseline/Cancel baselines |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Work settings
|
Basic settings |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
Manage tags |
Y |
Y |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
|
Configure work item templates |
Y |
Y |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
|
Configure workflows |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Configure modules |
Y |
Y |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
|
Configure downstream projects for RRs |
Y |
Y |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
|
Configure downstream projects for R&D requirements |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Set work types |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Configure review settings |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Configure notifications |
Y |
Y |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
|
Recycle bin |
Clear recycle bin |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
N |
Module |
Permission |
Project Administrator |
Project Manager |
Product Manager |
System Engineer |
Committer |
Test Manager |
Developer |
Tester |
O&M Manager |
Participant |
Viewer |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Basic project information
|
Archive |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
Convert types |
Y |
N |
N |
N |
N |
N |
N |
N |
N |
N |
N |
|
Plans
|
Create |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
Edit |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Delete |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Work items
|
Create/Copy |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
Edit |
Y |
Y |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
N |
|
Delete |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Import |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
Y |
Y |
N |
|
Export |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
Y |
Y |
N |
|
Archive/Unarchive |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Upload files |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Sprints
|
Create |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
Edit |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete |
Y |
Y |
Y |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Configure statuses |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Reports
|
Create reports |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
Y |
Y |
N |
Edit reports |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete reports |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Move reports |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Export reports |
Y |
Y |
N |
N |
Y |
Y |
Y |
N |
Y |
Y |
N |
|
Create categories |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
Y |
Y |
N |
|
Rename categories |
Y |
Y |
Y |
Y |
Y |
Y |
N |
N |
N |
N |
N |
|
Move categories |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete categories |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Customization
|
Customize work items |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
Configure domains |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Configure notifications |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Configure modules |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
N |
N |
N |
|
Set work types |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Automation |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Documentation
|
Upload documents/Create directories |
Y |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
N |
Edit document properties/Rename directories/Move directories |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete documents and directories |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Download documents |
Y |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
|
Preview documents |
Y |
Y |
Y |
Y |
N |
Y |
Y |
Y |
Y |
Y |
Y |
|
Dashboard
|
Create dashboards |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
Edit dashboards |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Delete dashboards |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
|
Unlock dashboards |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
N |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot