Bug 1109674 - Analyst can Build&Deploy projects
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: Documentation
Version: 6.0.3
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: CR1
Target Release: 6.1.0
Assignee: Vikram Goyal
QA Contact: Jiri Locker
Docs Contact: Vikram Goyal
Reported: 2014-06-16 05:17 UTC by Toshiya Kobayashi
Modified: 2018-12-05 18:52 UTC

Doc Type: Bug Fix
Last Closed: 2015-04-16 21:59:25 UTC
Type: Bug

Description Toshiya Kobayashi 2014-06-16 05:17:45 UTC
Description of problem:

In BPMS 6.0.1, a user with an 'analyst' role can Build&Deploy projects ("Build & Deploy" in Project Editor) even though the "Deployments" menu is properly hidden to the user.

'analyst' permission isn't clearly defined but according to the following docs, 'analyst' should not be able to build&deploy (or at least deploy) projects, I guess.

Official docs:
https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.0/html-single/Administration_And_Configuration_Guide/index.html#Access_control2
---
analyst: creates and designs processes and forms and instantiates the processes. This role is the similar to a developer, without access to asset repository and deployments. 
---

Community docs:
http://docs.jboss.org/drools/release/6.0.1.Final/drools-docs/html/wb.Workbench.html#wb.Configuration
---
Analyst is a weaker version of developer and does not have access to the asset repository or the ability to deploy projects.
---

web.xml in BPMS business-central.war:
---
Analyst - Responsible for creating and designing processes
into the system. Creates process flows and handles
process change requests. Needs to test processes that
they create. Also creates forms and dashboards.
---


Steps to Reproduce:
1. Create a user with a role 'analyst'
2. Log in to business-central
3. Go to [Project Authoring] and Build&Deploy a project ("Build & Deploy" in Project Editor)

Actual results:

- The user can build a project (and the artifact is deployed to Artifact repository and its process shows up in "Process Definitions")

Expected results:

- The user cannot build a project

Comment 1 Toshiya Kobayashi 2014-06-16 05:36:56 UTC
I'm not very confident about whether 'analyst' should be able to Build&Deploy. If 'analyst' should be able to, then we should make the docs clearer.

Comment 2 Kris Verlaenen 2014-06-16 10:52:01 UTC
Analyst should be able to click the Build & Deploy button. The deployments view is hidden, however, as we believe this is too technical for him.

Removing access to the Build & Deploy button is not recommended IMHO; it would prevent an analyst from deploying anything, so it would always require intervention from a developer, preventing any form of self-service.

Note that (especially in future versions, when we improve our support for promotion of assets / projects), there might be additional steps / verification behind that Build & Deploy button (that you will be able to configure) before a project is actually deployed.

Comment 3 Kris Verlaenen 2014-06-16 10:52:31 UTC
Reassigning as doc issue.

Comment 4 Jiri Locker 2014-08-11 09:32:35 UTC
If I understand it correctly, the roles description in the Admin guide should mention that the analyst is allowed to build&deploy a project in the authoring perspective (although he is not allowed to access the asset repository and deployments).

Comment 5 Vikram Goyal 2015-02-11 00:18:17 UTC
I am unsure what needs to be done here in terms of changing the documentation. 

At the moment, the docs [1] say:

"analyst: creates and designs processes and forms and instantiates the processes. This role is the similar to a developer, without access to asset repository and deployments."

This is exactly right in terms of what the user with the analyst role is allowed to do. >> This user doesn't have access to the deployments. <<

If I add in here that the analyst is allowed to 'deploy' but not access these deployments, that will get very confusing, IMHO.

I am going to close this as NOTABUG. Please feel free to reopen if you think otherwise with an explanation.

[1] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.0/html/Administration_And_Configuration_Guide/chap-Business_Central_configuration.html#Access_control2

Comment 6 Toshiya Kobayashi 2015-02-13 01:17:18 UTC
Hi Vikram,

> If I add in here that the analyst is allowed to 'deploy' but not access these deployments, that will get very confusing, IMHO.

Yes, it's confusing. But it is the actual behaviour. So... isn't it better to write it in the docs than not to write it when the software has confusing behaviour?

Comment 7 Vikram Goyal 2015-02-13 04:38:21 UTC
Thanks Toshiya.

I have made a change to the analyst description to clarify that they can deploy.

This can be verified here [1].

Moving this to CLOSED-->NEXTRELEASE and marking it for a 6.1 release.

[1] https://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.1/html-single/Administration_And_Configuration_Guide/index.html#Access_control2

Comment 8 Jiri Locker 2015-03-24 17:06:31 UTC
Verified: "analyst: ... and deploys artifacts."

