Sparx Systems Forum

Enterprise Architect => General Board => Topic started by: Adrian Cook on June 23, 2011, 08:04:36 am

Title: Can EA do package or element-level access control?
Post by: Adrian Cook on June 23, 2011, 08:04:36 am

Is EA capable of enforcing access control at the individual package level or even the element level? I.e. Stopping a specific user or group from modifying any elements in package X, or specifially element Y? EA's security model seems to take an all or nothing approach, i.e. a particular user or group can modify everything or nothing, depending on whether or not they have been granted the Update Elements permission.

The description of workflow scripting in EA online help suggests that it is capable of implementing this, though the information about workflow scripting in online help is very limited.

We're using EA 8.0 with a shared DBMS-based project. Our packages are under version control in Subversion. Any tips would be appreciated.

THanks
Adrian

Title: Re: Can EA do package or element-level access cont
Post by: Geert Bellekens on June 23, 2011, 04:38:18 pm

Adrian,

We enforce "write" rights using version control.
We have setup different TFS configurations for different projects, and we've set the security rights on the TFS level.
So only a limited set of users have the rights to check-out a package, and thus edit its contents.

This seems to be working quite well.

Geert

Title: Re: Can EA do package or element-level access cont
Post by: philchudley on June 23, 2011, 06:18:01 pm

I agree wholeheartedly with Geert, and this is the method which I recommend to the numerous clients who have asked the very same question.

As to the workflow script ... well I am very disappointed with it. I was also expecting to be able to control access to packages / elements, but it appears that you only restrict groups/users access to specific properties of an element like Status ... not quite what we expected and in my opinion too restrictive to be worthwhile  :'(

So the multiple version control project with their own access rights is the way to go!

Cheers

Phil

Title: Re: Can EA do package or element-level access cont
Post by: Adrian Cook on June 24, 2011, 04:22:57 am

Thanks for the replies. So it sounds like implementing access control via our version control system seems to be the way to go. Any hints on how we'd go about this using Subversion? I haven't explored the Subversion documentation on this issue yet though it sounds like I (as the administrator) would need to ability to revoke checkout permissions on specific packages for specific users, without them being able to overide that.

BTW, since this is done via the version control system, I assume that only package-level access control is possible (as opposed to element-level control), since it is the packages that are version-controlled.

Thanks,
Adrian

Title: Re: Can EA do package or element-level access cont
Post by: Eve on June 24, 2011, 08:47:07 am

Just as an alternative to what has been suggested. You could create a group specifically for being able to edit the specific package/element you want restricted.

Lock the package/element to that group and add anyone who is allowed to edit it to the group.