If you have many users who work on different projects, the following
general plan provides you with the ability to manage them so that
individual users get the permissions they need, but only see the projects
and other resources that they need to interact with:
- Create role-based access groups for the various activities people
perform. For example, create Build Manager and Developer groups. Assign
permissions to these groups as appropriate for their jobs. Build Managers
might have most of the available permissions, while Developers might
have only permissions related to executing jobs.
- Create additional groups for each cross-functional team in your
organization. You might have an IDE team, a PrinterDriver team, and
others.
- Set the Access properties of projects, servers, and other resources
to team groups. All the projects that are relevant to the PrinterDriver
team should have the PrinterDriver access group as their access properties.
- When you add a user to the system, assign a user to all the appropriate
access groups. All users must be assigned to at least one role group
and at least one team group.
If you follow these guidelines, users see only the projects that
are relevant to them, and have permissions appropriate to their roles
in those projects. Also, you can easily change user permissions as
their jobs within your organization change.