Author Topic: Security: How to limit the scope of Update Status? (Read 9265 times)

miksko · « **on:** January 03, 2024, 09:54:09 pm »

We have sorted our use cases into a hierarchy of packages, like the example below.

Package Level 1 Package Level 2 Package Level 3, Package A Use case A Package Level 3, Package B Use case B

The first level represents the organisation's value streams, the second represents different areas within each stream, while the third one is to version control each use case individually; setting Version, Status and creating a baseline.
We want the requirement analyst to be able to version control on the third level, by using the Update Status command. We also want them to be able to create new packages/use cases on the third level. But we don't want them to be able to do either of that on the first or second level.

Currently all levels are locked to the user group "RequirementAnalyst". The problem is that a user may accidentally change the Version and Status of a package on Level 1 och Level 2. The change will then propagate to all the child packages, since this is the default behavior of Update Status.

If I try to restrict Level 1 and Level 2, by locking them to the group "RequirementManager", all newly created packages on Level 3 will inherit the lock, making it impossible for the requirement analysts to version control them.

Is there some other way to restrict the scope of Update Status and block it from propagating through the package levels? I know you are able to uncheck Recursively update all child packages in the Update Status dialogue. Unfortunately that box is checked by default, but I suspect a system administrator will be able to tinker with the setting and possibly also make it impossible for users to change it.

Geert Bellekens · « **Reply #1 on:** January 03, 2024, 11:34:31 pm »

You can version control them all, and then in the version control system define who has the rights to checkout

If they are version controlled (like connected to TFS or SVN) then you can't edit them unless you have checked them out.

Geert

miksko · « **Reply #2 on:** January 08, 2024, 09:48:26 pm »

Quote from: Geert Bellekens on January 03, 2024, 11:34:31 pm

You can version control them all, and then in the version control system define who has the rights to checkout

If they are version controlled (like connected to TFS or SVN) then you can't edit them unless you have checked them out.

Geert

We store our models in a ProCloud server. Are you talking about a file-based model, Geert?

Geert Bellekens · « **Reply #3 on:** January 08, 2024, 10:01:20 pm »

No, you don't need to use file based repositories to connect to a version control system.

https://sparxsystems.com/enterprise_architect_user_guide/16.1/modeling_fundamentals/versioncontrol.html

Geert

miksko · « **Reply #4 on:** January 09, 2024, 08:31:13 am »

Quote from: Geert Bellekens on January 08, 2024, 10:01:20 pm

No, you don't need to use file based repositories to connect to a version control system.

https://sparxsystems.com/enterprise_architect_user_guide/16.1/modeling_fundamentals/versioncontrol.html

Geert

Thanks for the tip, Geert. We have discussed such a need but for other reasons.

Still, Update Status is available also without a VCS. Shouldn't you then be able to have more control over it's scope and behavior?

Sparx Systems Forum

News: