Reading view and List view within Baseline Feature don't honor the configured user permission

Lien Bäcker
Lien Bäcker Member, Data Exchange, Jama Connect Interchange™ (JCI) Posts: 83

In certain project contexts, the user permission has been configured so that a user is allowed to read only a certain set.
We have noticed that, when accessing the Baseline feature, this user can read all content of all baselines, including the content of the set/components on which the user actually has no read permission, using reading and list view.
It creates issues for our working processes.
How does the Jama Software team handle the permission restriction on project content in the Baseline context?
Any suggestions for us in the meantime? Or any plans for the feature?

Thanks

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

Comments

  • Lita Gribben
    Lita Gribben Member, Data Exchange, Jama Connect Interchange™ (JCI) Posts: 90
    edited May 2023

    Lien, I'm just a Jama user, but seeing this was concerning, so I went and tested this on our self-hosted Jama. I checked baselines of items that some user groups have no read permissions on, and was able to confirm that is not happening to us. I did find, though, that a baseline of a component that is blocked to a few groups doesn't show most items but does show attachments (images); the items it does show were either moved or reused, and that is why my limited-permission test user can still see them.

    ------------------------------
    Lita Gribben
    Blue Origin
    ------------------------------
  • Lien Bäcker
    Lien Bäcker Member, Data Exchange, Jama Connect Interchange™ (JCI) Posts: 83
    edited May 2023

    Hi Lita,

    It's great to know about the experience with your instance. Which release are you using?
    We're still on 8.74.1.
    In our case, if within a baseline a user clicks on the ID (document key) of an item on which he has no permission, he will see the message that he has no permission to do so. However, if he just opens a baseline's content in a reading view, he can see all the content.

    ------------------------------
    Lien Bäcker
    Gira, Giersiepen GmbH & Co. KG
    ------------------------------
  • Lita Gribben
    Lita Gribben Member, Data Exchange, Jama Connect Interchange™ (JCI) Posts: 90
    edited May 2023

    We are on 8.79.1. I tried it with a dummy user, and they can't see any of the items in the container they don't have permissions for. It only concerned me to see some attachments, though, but I'm not sure where those are stored; they are probably not in the same container.

    ------------------------------
    Lita Gribben
    Blue Origin
    ------------------------------
  • [Deleted User]
    [Deleted User] Posts: 152
    edited May 2023

    Hi Lien, 

    I can certainly understand the concern, and this is an interesting one! We'd like to dig in deeper with you -- if you could file a Support ticket here and reference this thread in the ticket description (along with any other pertinent info), it'd be much appreciated.

    ------------------------------
    Carly Rossi // she/her/hers
    Community Program Manager // Jama Software
    Portland, OR
    ------------------------------