Tweet
Environments
Our developers all have their own developer libraries. They also all have an environment and by and large said environment has their developer library in the library list. While they have authority to PA-Envs and can create environments, they cannot give themselves the very Environment they just created because that requires them to have access to PA-Users which they don't have because that's a security risk (as is PA-Groups). I'll create another post about that; we've talked about that in the past and we really need to do something about that loophole).
The feature I am looking for is a mod within PA-Envs where anyone who has access to PA_Envs can assign Envs to users, much like how PA-Groups works where, if you are in a group, you can assign users to that group.
To collaborate with other developers, we give all developers access to all environments. Because our developers do not have access to PA-Users, they have to ask an admin to do that for them, which is mostly me. I then go into PA-Users for that developer, go to the Envs tab and give them All environments. Periodically I go through each developer and give each developer access to all environments - times 3 for each of our instances.
As opposed to the first proposed solution that gives users who have been given access to PA-Envs the ability to assign Envs to users, the other option is to add an attribute to Users which gives them access to all Envs in existence without having to go into PA-Users and grant them access to Envs explicitly.
All Envs allowed: ON/OFF checkbox.
If ON, user is allowed to access any ENV defined in PA_ENV
To provide a wee bit more control, we could also add a new attribute to ENVS:
Type: PUBLIC/PRIVATE
Anyone who has ALL_ENVS_ALLOWED = ON gets access to all ENVS that are PUBLIC. Private ones can only be granted to a user by explicitly granting a user access to
What I do not want is any ole user being able to get to all Envs that are PUBLIC.
The Env has to be public and the user must have been set up to have access to all public Envs.
Something along those lines.. you get the idea....
This is not a high priority!
We can also solve this entire issue by addressing the reason why developers can't maintain their own user profile. If we address that concern then I'll give them access to PA_Users and then they can give themselves access to all the environments in the world and this whole issue goes away. I'll reach out to you about that whole PA-Users security concern next week.
-gadget
The feature I am looking for is a mod within PA-Envs where anyone who has access to PA_Envs can assign Envs to users, much like how PA-Groups works where, if you are in a group, you can assign users to that group.
To collaborate with other developers, we give all developers access to all environments. Because our developers do not have access to PA-Users, they have to ask an admin to do that for them, which is mostly me. I then go into PA-Users for that developer, go to the Envs tab and give them All environments. Periodically I go through each developer and give each developer access to all environments - times 3 for each of our instances.
As opposed to the first proposed solution that gives users who have been given access to PA-Envs the ability to assign Envs to users, the other option is to add an attribute to Users which gives them access to all Envs in existence without having to go into PA-Users and grant them access to Envs explicitly.
All Envs allowed: ON/OFF checkbox.
If ON, user is allowed to access any ENV defined in PA_ENV
To provide a wee bit more control, we could also add a new attribute to ENVS:
Type: PUBLIC/PRIVATE
Anyone who has ALL_ENVS_ALLOWED = ON gets access to all ENVS that are PUBLIC. Private ones can only be granted to a user by explicitly granting a user access to
What I do not want is any ole user being able to get to all Envs that are PUBLIC.
The Env has to be public and the user must have been set up to have access to all public Envs.
Something along those lines.. you get the idea....
This is not a high priority!
We can also solve this entire issue by addressing the reason why developers can't maintain their own user profile. If we address that concern then I'll give them access to PA_Users and then they can give themselves access to all the environments in the world and this whole issue goes away. I'll reach out to you about that whole PA-Users security concern next week.
-gadget