Lesson 2: Permissions

Permissions control access to a product area or product function. It is important to remember that permissions define what can be done, not who can do it. In this lesson, you'll learn about the available permissions in IBM® UrbanCode™ Release and how they control what is available on the dashboard.

Permissions define tasks that can be performed in the product. Permissions are predefined within the product. They provide access to functions at the various levels of the product's usage, as follows:
  • At the system system-wide level, to perform tasks such as integrations and environments.
  • At the application level, to perform tasks such as create applications and adding comments to applications.
  • At the release level, to perform tasks such as creating releases and running deployments.

Users are granted permissions by being assigned to roles. When assigned to a role, a user is automatically granted all permissions that are granted to the role.

Let's look at the various permissions that are available. To look at the available permissions, we'll have to look at a role.

  1. Log into the IBM UrbanCode Release user interface using the credentials that allow you to manage roles and permissions.
  2. From the dashboard, click Manage Security, and then click Manage Roles.
  3. On the Manage Roles page, click Add New to view the available permissions in IBM UrbanCode Release. You can view the permissions associated with a role by clicking the edit icon () on the right of the role.
    The permissions are grouped by the level of product access that the permission affects. As you can see, permissions include everything from creating releases and deployment plans to viewing them.
  4. Close the Add New window. Click Cancel.
    The Add New window is used to add a permission. We are not adding any permissions in this exercise, but instead we are using the information on the page to view the available permissions in the product.

Whenever you open the Add New window or edit a specific role, a complete list of permissions is displayed.

Defined permissions

If your installation of IBM UrbanCode Release has not been modified, the list of permissions includes only those predefined in the product.

Permissions are grouped together in the following categories. The category name provides insight to the product features that are affected by a permission.
System
Provides access to tasks that affect security and system-wide areas, such integrations and environments. The permissions in this category allow for defining settings that affect all users.
Application
Provides access to tasks to create and modify applications, and add comments to applications.
Release
Provides access to perform release-related activities, such as creating releases and running deployments.
Deployment
Provides access to manage deployment plans, segments, and tasks.
Initiates and Changes
Provides access to create and modify initiatives and changes.
Statuses
Provides access to apply and edit quality statuses.
Graphic of person
  1. From the dashboard, click Manage Security, and then click Manage Roles.
  2. Click the edit icon () for the Observer role. Note that this role contains only two permissions: View Application Status and View Releases.
    When looking at the permissions for a defined role, those with a check mark are the ones associated with the role. You can clear permissions and add other ones for a role.
  3. Create a user that is assigned the Observer role and assign the user to a team. You can assign the user to the sample team defined as part of the product.
    Keep track of the user ID and password for the newly created user.
  4. Log out of the user interface.
  5. Log in using the user ID and password that you created.
    Notice the items on the dashboard.
  6. Click Release Process. Notice that you cannot create a new lifecycle, quality status, or process template. There are also no actions that can be performed on existing ones. As an observer, you can only view them.
  7. Click Releases & Deployments. Notice that you cannot create or modify releases or deployment plans. Again, the Observer role contains permission to view only.
  8. There are several dashboard items that are not controlled by permissions. These items are always available to all users, even a user that has no selected permissions.
    The following screen capture shows the basic dashboard items available to all users.
    View of dashboard showing items that are available to all users.

    To view a list of which user interface tasks are affected by which permissions, see Security types.

  9. Log out of the user interface.

Expanding on predefined permissions

Additional permissions are added under the Status security type, when you create a quality status. Quality statuses contain criteria that must be met before a phase can be completed. They are not a security feature of the product, but a quality assurance feature. However, for a user to pass or reject a quality status, the user must have permission for the quality status.

Quality statuses reflect the criteria that you require in your release process. For example, a criterion can be the completion of a testing activity or the completion of a review process. When the application version meets the criteria, the assigned user with the permission to apply the quality status can apply it. If the release process requires an application to meet multiple criteria, multiple quality statuses can be applied to the application version. Then, it can be determined whether the application is ready for deployment by inspecting application statuses.

Let's look at how quality statuses are added to the list of permissions. To add or remove a quality status you must have the Edit Status permission.

  1. From the dashboard, click Release Process, and then click the Quality Statuses tab.
    The list of currently defined quality statuses is displayed.
    There are three predefined quality statuses that are included with the product. If you open the Manage Roles page and look at the statuses section, you will see the following statuses:
    • Manual QA Pass
    • QA Manager Review Pass
    • Unit Tests Pass
    Screen capture of quality statuses page.
  2. To add a quality status, click Add New and complete the following fields.
    Name
    Type in the name of the status.
    Description
    Optionally add a description of the status.
    Color
    Select from the palette a color to associate with the status. If no color is selected, the default is white.

    The following screen capture displays a new quality status that is named Test Manager Review Pass. It has been assigned the color purple. The color can help you quickly find a quality status. Screen capture of quality statuses page shown the created status

  3. Now that the quality status has been defined, it can be assigned to a role.
    1. From the dashboard, click Manage Security, and then click Manage Roles.
    2. Click the edit icon for a role. You should see the new quality status in the list of permissions.
      Screen capture showing the created quality status on the permissions page

Summary

Permissions are the cornerstone to security. Permissions affect what tasks users have and do not have access to perform. Understanding the available permissions is a first step in determining how to organize users so that they have the appropriate permissions.

Permissions are not directly assigned to users. Users are granted permissions by being assigned to a role. When assigned to a role, a user is automatically granted all permissions that are granted to the role.

Checkpoint

What is a permission?
Answer: A permission is the access rights that are needed to perform an action using the user interface.
What does the Unit Test Pass permission allow you to do?
Answer: The Unit Test Pass permission is a quality status. A user given this permission is able to add a pass unit test gate to a lifecycle. Review the Security types for description of default permissions for a given security type.

To learn more about quality statuses, see Creating and assigning quality statuses.