• Immutable Page
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ Load Save SlideShow

Managing Disclosure

Project and distribution owners can grant or revoke user and team permissions to access all private artefacts.

Project and distribution owners need to see who can access all or some of their project. Owners need to grant and revoke access.

PrivateProjectsAndDistributions

Rationale

With the introduction of private projects and distributions, owner need a way give access to hundreds of private project artefacts.

Stakeholders need to know who has access, and in a single action, grant or revoke it. This is valuable to public project with default private bug and branches--once a company team is granted access, all employees have access to company information.

e.g. Steve Magoun from OEM would like to be able to see exactly who has access to every component in his project.

Stakeholders

• OEM (Joey Stanford, Steve Magoun, Cody A.W. Somerville)
• Hardware enablement (Chris Van Hoof, Hugh Blemings)
• ISD (Stuart Metcalfe)
• Landscape (???)

• UbuntuOne (???)

User stories

Seeing legacy disclosure

As a project owner
I want to see who has access (is subscribed to) private bugs and branches within my project
so that I can make sure that everyone who needs to have access has it, and no one who shouldn’t doesn’t

Granting disclosure

As a project owner
I want grant users and teams permission to see everything
so that they do not need many subscriptions to access parts of the project.

Seeing disclosure

As a project owner
I want to see users with permission to see all of the private items in my project
so that I can maintain control over who has access to my project.

Withdrawing disclosure

As a project owner
I want to prevent a user from accessing to my project or a bug/branch
so that private information is not disclosed and that owners can respond to a disclosure issue immediately

Constraints and Requirements

Must

1. A lists of all the users with full or partial access.
   The view must also show how the user has access: direct or via a team, contributor or user, subscription to artefacts or access to project.

   • What does "contributor or user" mean here? -- jml

2. A summary everything an user may know about the project.
   The view must also show how the user has access: direct or via a team.

3. A way to grant a user or team full access to a project.
   When a owner grants access to a team, the view should show who gains access.

4. A way to revoke all access to a user or team.
   Revocation removed all subscriptions to individual artefacts be default. The owner many choose to keep some subscription so that partial access is allowed. If the user has access via a team, the view must explain how to remove either the user or the team to revoke permissions.

   • Why not also remove the user from the team? -- jml

Nice to have

1. A way to see how the user knows about the project.
   Owners often want to know if the user has email subscriptions to understand if the user is getting information via email too.

   • Why do they care? -- jml

2. List the users who have full access via the owner or driver team.
   The owner may need to know about contributors as well as users. If the owner can revoke access to an owner/driver, then the user must be removed from the team and assignments and subscriptions are removed too.

   • Please unpack this for me -- jml

Must not

1. Revoking a user or team not allow the user to have partial access.
   Revoking access to a user must remove the individual subscriptions that provide partial access.

   • Is this another way of saying "revoke" means "revoke"? -- jml

2. Granting access must not cede control of disclosure.
   Public teams may not be direct or indirect members of a private project. Open teams allow anyone to choose to become a member, which undermines the owner's power to manage disclosure.

Subfeatures

None

Workflows

1. Viewing a list of users and a summary for a single user.
2. Granting access to a user or team
3. Failing to grant access to a team that is public or a member team is a public

   • Ditto for open teams, right? -- jml

4. Revoking access to a user with full access.
5. Revoking access to a user with partial access.
6. Revoking access to a contributor?

Success

How will we know when we are done?

1. An owner can see all users who have access to a private project.
2. The owner can see how the use acquired access.
3. The owner can see a summary of what the user knows.
4. The owner can revoke a user and see what the user was unsubscribed from everything too.

How will we measure how well we have done?

1. The canonical team is subscribed to all canonical projects.

Thoughts?

jml

1. Owner, drivers, an bug supervisors are assumed to have full access.
2. We should geta team within Canonical to beta test

jml

• What about an equivalent view for artefacts? i.e. who can see it, owners can revoke privs etc.
• You distinguish between 'contributor' and 'user' a bit. I sense that you've loaded 'contributor' with special meaning. Would like to know more.