Reading view and List view within Baseline Feature don't honor the configured user permission

Lien Bäcker

In certain project contexts, the user permission has been configured, that a user is allowed only to read a certain set.
We have noticed, accessing Baseline feature, this user can read all content of all baselines, also the content of the set/ components on which the user actually hat no read permission, using reading and list view. 
It creates issues for our working processes. 
How does Jama Software Team handle the permission restriction on project content in the context Baseline?
Any suggestion for us by mean time? Or any plan for the feature?

Thanks

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

Lita Gribben

Lien, I'm just a Jama user, but seeing this was concerning so I went and tested this on our self hosted Jama. I checked baselines of items that some user groups have no read permissions on, and was able to confirm that is not happening to us. Although I did find a baseline of a component that is blocked to a few groups doesn't show most items but it does show attachments (images), the items it does show were either moved or reused, and that is why my limited permission test user can still see them.

------------------------------
Lita Gribben
Blue Origin
------------------------------
-------------------------------------------
Original Message:
Sent: 05-09-2023 01:33
From: Lien Bäcker
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

In certain project contexts, the user permission has been configured, that a user is allowed only to read a certain set.
We have noticed, accessing Baseline feature, this user can read all content of all baselines, also the content of the set/ components on which the user actually hat no read permission, using reading and list view. 
It creates issues for our working processes. 
How does Jama Software Team handle the permission restriction on project content in the context Baseline?
Any suggestion for us by mean time? Or any plan for the feature?

Thanks

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

Lien Bäcker

Hi Lita,

it's great to know about the experience with your instance. Which release are you using?
We're still on 8.74.1.
In our case, if within a baseline, user clicks on the ID (document key), of an item, on which he has no permission, he will see the message that he has no permission to do so. However, if er just opens a baseline content in a reading view, he could see all the content.

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------
-------------------------------------------
Original Message:
Sent: 05-09-2023 09:51
From: Lita Gribben
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

Lien, I'm just a Jama user, but seeing this was concerning so I went and tested this on our self hosted Jama. I checked baselines of items that some user groups have no read permissions on, and was able to confirm that is not happening to us. Although I did find a baseline of a component that is blocked to a few groups doesn't show most items but it does show attachments (images), the items it does show were either moved or reused, and that is why my limited permission test user can still see them.

------------------------------
Lita Gribben
Blue Origin
------------------------------

Original Message:
Sent: 05-09-2023 01:33
From: Lien Bäcker
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

In certain project contexts, the user permission has been configured, that a user is allowed only to read a certain set.
We have noticed, accessing Baseline feature, this user can read all content of all baselines, also the content of the set/ components on which the user actually hat no read permission, using reading and list view. 
It creates issues for our working processes. 
How does Jama Software Team handle the permission restriction on project content in the context Baseline?
Any suggestion for us by mean time? Or any plan for the feature?

Thanks

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

Lita Gribben

We are on 8.79.1. I tried it with a dummy user, and they can't see any of the items in the container they don't have permissions for. It only concerned me to see some attachments though, but not sure where those are stored, they are probably not in the same container.

------------------------------
Lita Gribben
Blue Origin
------------------------------
-------------------------------------------
Original Message:
Sent: 05-09-2023 23:15
From: Lien Bäcker
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

Hi Lita,

it's great to know about the experience with your instance. Which release are you using?
We're still on 8.74.1.
In our case, if within a baseline, user clicks on the ID (document key), of an item, on which he has no permission, he will see the message that he has no permission to do so. However, if er just opens a baseline content in a reading view, he could see all the content.

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

Original Message:
Sent: 05-09-2023 09:51
From: Lita Gribben
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

Lien, I'm just a Jama user, but seeing this was concerning so I went and tested this on our self hosted Jama. I checked baselines of items that some user groups have no read permissions on, and was able to confirm that is not happening to us. Although I did find a baseline of a component that is blocked to a few groups doesn't show most items but it does show attachments (images), the items it does show were either moved or reused, and that is why my limited permission test user can still see them.

------------------------------
Lita Gribben
Blue Origin

Original Message:
Sent: 05-09-2023 01:33
From: Lien Bäcker
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

In certain project contexts, the user permission has been configured, that a user is allowed only to read a certain set.
We have noticed, accessing Baseline feature, this user can read all content of all baselines, also the content of the set/ components on which the user actually hat no read permission, using reading and list view. 
It creates issues for our working processes. 
How does Jama Software Team handle the permission restriction on project content in the context Baseline?
Any suggestion for us by mean time? Or any plan for the feature?

Thanks

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

[Deleted User]

Hi Lien, 

I can certainly understand the concern, and this is an interesting one! We'd like to dig in deeper with you -- if you could file a Support ticket here and reference this thread in the ticket description (along with any other pertinent info) on it, it'd be much appreciated.

------------------------------
Carly Rossi // she/her/hers
Community Program Manager // Jama Software
Portland, OR
------------------------------
-------------------------------------------
Original Message:
Sent: 05-09-2023 23:15
From: Lien Bäcker
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

Hi Lita,

it's great to know about the experience with your instance. Which release are you using?
We're still on 8.74.1.
In our case, if within a baseline, user clicks on the ID (document key), of an item, on which he has no permission, he will see the message that he has no permission to do so. However, if er just opens a baseline content in a reading view, he could see all the content.

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------

Original Message:
Sent: 05-09-2023 09:51
From: Lita Gribben
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

Lien, I'm just a Jama user, but seeing this was concerning so I went and tested this on our self hosted Jama. I checked baselines of items that some user groups have no read permissions on, and was able to confirm that is not happening to us. Although I did find a baseline of a component that is blocked to a few groups doesn't show most items but it does show attachments (images), the items it does show were either moved or reused, and that is why my limited permission test user can still see them.

------------------------------
Lita Gribben
Blue Origin

Original Message:
Sent: 05-09-2023 01:33
From: Lien Bäcker
Subject: Reading view and List view within Baseline Feature don't honor the configured user permission

In certain project contexts, the user permission has been configured, that a user is allowed only to read a certain set.
We have noticed, accessing Baseline feature, this user can read all content of all baselines, also the content of the set/ components on which the user actually hat no read permission, using reading and list view. 
It creates issues for our working processes. 
How does Jama Software Team handle the permission restriction on project content in the context Baseline?
Any suggestion for us by mean time? Or any plan for the feature?

Thanks

------------------------------
Lien Bäcker
Gira, Giersiepen GmbH & Co. KG
------------------------------