You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently Capella Collaboration manager is limited to user based access control. This leads to the fact that teams have to manage access separately which is more manual effort and can also lead to inconsistency.
From a larger perspective we are using groups to have a central place for access management and those groups are used across tools (e.g. Gitlab, DOORS, ...) to ensure that access is consistent and access checks and changes can be done efficiently.
For instance during project creation you would need to add many persons and also for offboarding you would need to check that every project is considered in this check. With group support central LDAP/Oauth groups can be managed and all of the magic for adding/removing users is transparent without manual management effort. For ISMS Audits this would be a great and mandatory feature.
I like the SonarQube / Jenkins approach:
Beside users also groups are listed in all user management fields
Groups are mapped to a role (means you could have abc-read and abc-admin groups)
Every user that logs in will be part of one or multiple groups that may have or not have access to a project
Optional: On project UI level you could still indicate the list of users with the related access group in brackets or just the group to differentiate between group access and single user access
Until this feature will be implemented we will develop an API based workaround to sync project members daily with our existing groups based on naming conventions. Anyhow syncs are not a stable and reliable solution.
The text was updated successfully, but these errors were encountered:
Currently Capella Collaboration manager is limited to user based access control. This leads to the fact that teams have to manage access separately which is more manual effort and can also lead to inconsistency.
From a larger perspective we are using groups to have a central place for access management and those groups are used across tools (e.g. Gitlab, DOORS, ...) to ensure that access is consistent and access checks and changes can be done efficiently.
For instance during project creation you would need to add many persons and also for offboarding you would need to check that every project is considered in this check. With group support central LDAP/Oauth groups can be managed and all of the magic for adding/removing users is transparent without manual management effort. For ISMS Audits this would be a great and mandatory feature.
I like the SonarQube / Jenkins approach:
Until this feature will be implemented we will develop an API based workaround to sync project members daily with our existing groups based on naming conventions. Anyhow syncs are not a stable and reliable solution.
The text was updated successfully, but these errors were encountered: