How do roles and permissions work in Lab Management?

Lab Management relies on specially-named roles to assign access.

For TeamForge users

Like TeamForge, Lab Management relies on specially-named roles to assign access. Your TeamForge projects will need specially-named roles to work with Lab Management. When you set up a project for the first time in Lab Management, these roles will be created for you in your project. In increasing level of privilege, the roles are:
Note: Lab Management 2.4 supports site-wide roles and global roles in TeamForge.
  • With TeamForge 6.0 and later, you can create the "Lab Management - Domain Admin" site-wide role. So, a user with this role, in addition to TeamForge site administrators, can log in as a Lab Management domain administrator.
  • In TeamForge 5.4.x and earlier versions, the Lab Management - User Access, Lab Management - Root Access, and Lab Management - Project Admin roles were project-specific. In TeamForge 6.0 and later, they can be made global roles and inherited in projects.

For CEE users

In contrast to CEE, which relies on permissions and uses roles as customizable baskets of permissions, Lab Management needs special roles to work. For example, in CEE, the Developer role comes by default with a certain set of permissions but these can be customized by the Site Administrator. In Lab Management, the roles cannot be customized. Lab Management uses three project roles and one domain role in CEE, which must all be present in your CEE site that is attached to the Lab Management Manager. Any person with Domain Administrator privileges can create these roles, which are listed in the order of the minimum-to-maximum number of privileges:

Why separate roles and permissions are used in Lab Management

It is very likely that in a real software development project, some separation exists between the administration of the development, QA, and test infrastructures and other aspects of project administration such as code commit privileges and user administration. For example, it is a common specification in security and compliance audits that the developers with commit access to the code should not have access to test systems. By giving separate Lab Management permissions, the Lab Management software enables this type of separation of duties to occur.

Permissions

While virtually all access to Lab Management is arbitrated by the four roles, there is one exception. The Project Build Library is meant to be accessed by users who do not have any Lab Management roles. Therefore, when these users download files from the Project Build Library, Lab Management uses the Project Document - View permission to control access, which is granted as follows: