User permissions [back to contents]
BugTracker.NET allows you to base permissions on "projects" or "organizations" or both. The terms "projects" and "organizations" are somewhat flexible and maybe even overlapping.
BugTracker.NET also recognizes the difference between "internal" and "external" users. Setting up permissions so that they match your situation might require some experimentation. Because you can use both projects and organizations, there could be more than one way to setup the permission scheme that fits your needs. To get you started, here are a few scenarios and how you might use permissions to handle them.
Setup: Set "DefaultPermissionLevel" to "2" in Web.config. That gives everybody permission to all projects. You could still use per-project permissions to explicitly revoke permissions for specific users and projects. You can even use the following .css to hide the project and organization fields on the edit bug page:
Setup: Set "DefaultPermissionLevel" in Web.config to 0. This denies everybody permission to all projects except where permission is explicitly granted. Create a BugTracker.NET project for each project team. Edit users so that they have the "all" permission for the project they are a member of and leave the others set to "none".
Setup: Set "DefaultProjectLevel" in Web.config to 1. Leave the setting for the other projects to "view only".
Setup: Set "EnableInternalOnlyPosts" to "1" in Web.config. This allows you to post comments to bugs that user who are marked "external" canít see. Create a BugTracker.NET organization for each customer. Check the "external" flag on the organization. Set "Permission level for bugs associated with other (or no) organizations" to "None". Create another organization naming it something like "Internal" and set "Permission level for bugs associated with other (or no) organizations" to "Add/Edit". When a customer-user adds a bug, it will automatically be associated with the organization, and other customers wonít be able to see it. Your internal users will be able to see the bugs for all customers.
Setup: Create a user named "guest". There is special logic in BugTracker.NET to handle the guest user differently. First of all, you canít give the guest user permissions any stronger than Reporter. Second, the link to "settings" and the button to "Save search as query" are not available to the guest user. You can also set the Web.config setting "AllowGuestWithoutLogin" to "1" which allows anybody to access your BugTracker.NET as "guest" without logging in at all.
Setup: Create an organzation and set the "Status" permission for that organization to "Read Only". Create another organization and set its "Assigned to" permission to "None".
Comments only internal users can see: