johnmcdraper's avatar
johnmcdraper
Occasional Contributor
8 years ago
Status:
New Idea

Add privileges/protections for review participation and visibility.

As we are using SB Collaborator for more and more reviews, there is a concern that, basically, everyone can view everything.

 

While your dashboard only shows reviews you are personally involved with, a user via the Report tool, or just a direct URL, to view, and actually participate in, pretty much any inspection in the system.   There is no check for participation or group membership or admin privileges.  Basically, if you can get the URL to a review, you have full access.    This is making some project leaders uncomfortable.

 

Have there been any thoughts of introducing better protections, to restrict visibility and participation to participants; and to restrict visibility to members of groups and their group parents/children?

8 Comments

  • johnmcdraper's avatar
    johnmcdraper
    Occasional Contributor

    I must have not understood those options when I did the initial configuration.     Will read and see what that offers us - thanks for the pointer

  • johnmcdraper's avatar
    johnmcdraper
    Occasional Contributor

    Unfortunately, "Restrict Access to Review" isn't restricting access to reviews.    Time for a bug report?

  • MrDubya's avatar
    MrDubya
    Occasional Contributor

    If that's the case I'm guessing that server setting will be applied for all newly created reviews.  Every review record has its own individual access setting, which would be set to the server setting by default.  The review creator has the ability to override the setting from the default (but to only make it more restrictive, not less restrictive).  Open a review record, and look at the "Restrict Access" field to see what the permission is set to.

     

    If you create a new review, and it's not honoring the access level configured in the server settings, then definitely sounds like a support call.

  • johnmcdraper's avatar
    johnmcdraper
    Occasional Contributor

    Apparently changing overall SB settings doesn't modify already open reviews, which is unfortunate.  So there may be no bug, and the feature may work as expected - still doing some testing.

  • johnmcdraper's avatar
    johnmcdraper
    Occasional Contributor

    Well, this has been an exciting ride.

     

    I have figured out how to use permissions.   But this exposes a problem I seem to keep having with collaborator.  Most of the UG on line just shows you settings and how to set them.  There is no "how to use" manual for admins.  So I can look up the restrict access setting, and it will tell me the values I can set it to.   But there is no manual entry for "If you want to restrict access to reviews, here are the 2-3 settings you need to change, and here's what it gets you".

     

    But I did find two bugs in the access control system - a conflict between access and subscriptions; and that setting access restrictions will (inadvertently?) kill the Pool reviewer system.    Trouble reports have been added for each of those problems.   sigh.

  • MrDubya's avatar
    MrDubya
    Occasional Contributor

    Thanks for sharing your experience & the heads-up.