Note: Writing this doc in the "Community Docs" section until it's cleaned up enough to put in the standard docs. Also, once [allura:tickets:#1617] is complete, much of this may not be necessary.
Project wide User groups and permission settings
These are set via Admin -> User Permissions.
To add a user to a group, select "+ Add" under the appropriate group and enter their SourceForge username. Note that this is the unique username, not the display name.
To remove a user, select the "-" next to their username and confirm removal.
- Admin: Project administrators have full control over the projects, and can add/remove other members
- Developer: This group also contains all Admins, most tools will allow Developers to perform most non-admin functions by default, though these can be customized using Individual Tool Permissions.
- Members: This group contains all developers, members generally have fewer permissions by default, but like Developers, this can be customized via Individual Tool Permissions.
- *Authenticated: Any user signed into the SourceForge site.
- *Anonymous: Everyone, logged in or out.
Keep in mind that the "Member" group contains the "Developer" group, and the "Developer" group also contains the "Admin" group. In other words, an Admin is also, by inheritance, in the Developer and Member groups.
Likewise, "*anonymous" (all users, both logged in and logged out) is a supergroup of "*authenticated" (ie., logged in users only).
Use the "Add a new group" link at the bottom of the page to add a new group. This can be used to define specific teams (eg., "documentation", or "support") that have their own customized permissions set under the Individual Tool permissions.
- Read: Defines who can view content, note however that we do not support removing *anonymous read permissions from the project level
- Admin: Defines groups with administrative access (ie., full control) of a project
- Create/Update: These settings are currently not useful without Admin privileges and their usage is under review in [allura:tickets:#6084]
Permissions for individual tools can be set via Admin -> Tools, the "Permissions" link is underneath each installed tool. These permissions are per tool, not per tool type. So if you want to edit permissions for each tickets instance, you'll need to change the permissions for each one.
A number of the permissions are used for a number of different tools.
- ADMIN: Controls permissions for administrator settings
- READ: Controls who can view the contents of the tool.
- POST/UNMODERATED_POST: Controls who can use the discussion features (eg., commenting on tickets, wiki pages, or merge requests). If a user is in POST, but not the UNMODERATED_POST, their comments will first enter a moderation queue before it's publicly viewable.
- MODERATE: Controls who can approve posts that have been moderated, as well as who can edit and delete comments.
Several tools have permissions specific to the tool, these include:
SCMs (SVN, Git, Hg)
Note: for SCMs, comment permissions (eg., POST, listed above) are used for comments on merge requests.
- WRITE: Controls what users can write to the repository (ie., commit/push)
- CREATE: Controls who can create new wiki pages
- EDIT: Controls who can edit existing pages
- DELETE: Controls who can delete existing pages
- CONFIGURE: Controls who can edit milestones
- CREATE: Controls who can log new tickets (note that further comments are controlled by the POST permission)
- UPDATE: Controls who can update the description and metadata on existing tickets (ie., Summary, original description, etc.)
- DELETE: Controls who can delete tickets
- SAVE_SEARCHES: Controls who can save custom searches
- CONFIGURE: Controls who can add forums