Manage User Access
The Roles tab lets you view and manage the permissions that are available to a single user account. Users are granted permissions based on the roles that they are assigned in one or more projects.
There are distinctions between the permissions that allow users to perform specific actions in Hub and permissions that allow operations in a connected service. Permissions are usually granted within a project, and provide access to specific resources that are connected to the project. For example, if you have a project in Hub that uses a YouTrack project and a TeamCity project as resources, you have YouTrack-specific permissions that apply only to operations in the YouTrack project and TeamCity-specific permissions that apply to the TeamCity project. In this case, users can have different View Project and Update Project permissions for each connected service.
You can also grant users access in a project by adding them directly to the project team. For more information, see Manage the Project Team.
View Access Permissions
The access permissions for a user account are displayed on the Roles tab of the account profile. Here, you can view which roles and permissions are assigned to the account.
There are two views available on this tab. The default view shows the list of roles that are assigned to the user, listed by Project.
The first section shows roles that are assigned directly to the user.
The second section shows roles that are assigned to the user as a member of a project team.
The remaining sections show roles that are assigned to the user as a member of a group. There are dedicated sections for roles that are assigned to each group that has the auto-join option enabled.
You also have the option to view the list by Role.
The information is divided into the same sections that are shown when viewed by Project.
The following actions are available in both views:
Use the search box to filter the list. You can use a range of filter criteria including user, group, role, and permission. Enter your search criteria in the format
field: value
.
For example, if you want to see the projects that the user has permission to update, enterpermission: (Update Project)
and apply the filter.Click the Details button to show or hide the sidebar. The sidebar displays the set of permissions that are assigned to the role. The permissions are grouped by service.
To view the access rights for a user account:
Open the Roles tab of the account profile.
Use the search box to filter the list by a role, project, or even a particular permission to find out if the account has the required access to a resource or operation.
Grant a Role to a User
If you do not want to assign a role to all of the members in a group, you can assign the role to a user directly.
To assign a role to a user directly:
In the Access Management section of the Administration menu, select Users.
Use the search box to find the desired user account.
Select a user from the list.
Select the Roles tab.
Click the Grant role button.
In the Grant Role dialog, choose a role to assign to the user.
Select one or more projects where you want to apply the role.
Click the Grant button.
Revoke a Role from a User
If a user no longer requires access that is granted by a role, you can revoke the role assignment. This procedure only applies to roles that are assigned directly to a user.
To revoke a role from a user:
In the Access Management section of the Administration menu, select Users.
Use the search box to find the desired user account.
Select a user from the list.
Select the Roles tab.
Locate the role assignment that you want to remove from the selected user account. Use the search box to locate a role by name, project, or permission.
Under the role assignment, select the project in which the role is granted.
Click the Revoke role button.
- Confirm the action in the confirmation dialog.
The role is revoked from the user in the selected project.
The user loses the permissions that are assigned to the role in the project.
For roles that a user inherits as a member of a group or project team, you can revoke access in other ways.
If a role is granted to a user as a member of a group, you can revoke the role assignment by removing the user from the group. Select the role in the list and click the Remove from group button.
If a role is granted to a user as a member of a project team, you can revoke the role assignment by removing from the group or project team. Select the role in the list and click the Remove from team button.