Lesson 3: Control access to specific work items by using an access group

In this lesson, you create and use an access group to control who has access to specific work items.

About this task

You can add team areas and specific users as members of an access group. You can also customize the work item editor to include a Restricted Access field where users can set the access context for each work item.

By default, the access context is determined by the access control and the restricted access and restricted visibility settings of the work item category. You can override the work item category settings by specifying an access group.

Restriction: If you set the Restricted Access field for a work item to an access group, a user who is a member of that access group but who does not have access to the project area in which the work item is filed cannot access that work item.

In this lesson, you will add Bill to an access group, and then set the Restricted Access list for a work item to use that access group. Because Bill is not a member of the team area, he cannot access work items that are filed against the category that is associated with the team area. However, because you previously gave Bill access to the project area and are adding him to the access group, he will be able to access the work item.

Procedure

  1. Log out, and then log on as Helen.
  2. Create an access group:
    1. From the Administration icon (Administration icon), click Manage this Project Area.
    2. Click Access Groups, and then click Create Access Group icon.
    3. Enter a name, such as Helen's Access Group.
    4. In the Members section, click the Add a Contributor icon (Add Contributor icon).
    5. Enter the name of the other user, Bill, and then click Add and Close.
    6. Click the Add a Project or Team Area icon (Add Project or Team Area icon), expand the project area, and select the team area.
    7. Click OK, and then click Save to save the access group.
    The Create an Access Group window with Bill and My Tutorial Team Area shown as members.
  3. Add the Restricted Access presentation to the work item editor so that users can control access in each work item.
    1. From the Project Areas menu, select the project area, My Tutorial Project Area.
    2. Click Work Items, and then click Editor Presentations.
    3. In the Details section, click the Add Presentations icon (Add Presentation icon).
    4. From the Attribute list, select Restricted Access. From the Kind list, select Access Control.
    5. Click OK, and then click Save to save the project area.
    The Add Presentation window with Restricted Access in the Attribute field, and Access Control in the Kind field.
  4. From the Home menu, select My Tutorial Project Area.
  5. Click Work Items > Shared Queries. Click Open created by me.
  6. In the query results, click the defect that you created, Test Defect 1. The editor contains the Restricted Access list. By default, the access context is based on the project area access control setting and the work item category restricted access setting. Because you selected Restricted Work Item Access for the work item category, the displayed value is My Tutorial Team Area. To change the access context, select the access group that you created. Click Save to save the work item.
    Restricted Access list with Helen’s access group selected.
    Tip: In the IBM® Engineering Workflow Management client for Eclipse IDE, you can also set the access context by selecting Restricted Access from the work item number drop-down menu.
  7. Log out, and then log on as Bill. You can now see the work item because you are a member of the access group.
  8. Log out, and then log on as Helen. From the Restricted Access list, click More. Select Default, and then click Save. The field value is My Tutorial Team Area again. If you log out and log back on as Bill, you will not have access to the work item because of the category restriction.

Lesson checkpoint

In this lesson, you learned how to do these tasks:
  • Create an access group that consists of a team area and specific users.
  • Add the Restricted Access presentation to the work item editor.
  • Control access to specific work items by changing values in the Restricted Access field.