We have bunch of projects in the company and several of them of interest to all employees are public so that anybody can post an issue there.
Now, we want to allow external consultants to access projects they are part of and I don't want them to see any projects they are not part of, including public ones. They are all under role "External Consultants". Its very hard for us to switch all public projects to private since our Redmine procedures are already defined with such projects in existence.
So, is there plugin or patch that will allow me to put external consultants to their projects and hide from them internal public projects ? For instance, permission under projects for a role such as "View public projects" that would be on by default would be one solution that plugin might provide.
Is there any other method to do this ? How hard would be to implement? I initially thought of having second Redmine instance for consultants but we don't want to maintain that scenario, and furthermore, we don't want to have projects on 2 places (syncing is possible but adds another level of complexity).
Related
I have 2 companies with different application and function. But they share same customer database. Should i create one google cloud account and create 2 seperate project or should i using 2 google account for 2 companies?
Unsure of the structure or nature of the work but if you take the scenario of you being a freelancer and creating two projects that happen to use the same DB (lets say owned by you or someone else), I would do the following:
3 projects in total under 3 different Organizations.
Each company will have there own ORG with their own project/application (Project A & B).
Then the third project(Project C) contains the DB they are using, couple of reasons why this useful:
You can grant each project different access/roles to the DB allowing them to do specific queries, limit resources, track costs, or even force costs onto Projects A & B.
You could instead set up an API in Project C that handles all needed DB interactions and give those Endpoints to Projects A & B.
Unsure what you meant about Google Cloud Account but this normally refers to the individual as in johndoe#gmail.com. You can have access to all three projects with one account and then get removed by admins once the work is done. Similarly you can great all three projects and then transfer them to their respective ORGs after but that is slightly more complicated and can cause issues.
I'm a billing administrator for several GCP projects. Some of them I can't access so I can't tell if they're still required. They have very low usage e.g. $0.25 / month so probably just storage costs. I'm pretty sure they were created by a sysadmin who used to work here but has left and he doesn't seem to have given anyone else rights to view the project.
Is there any way to get myself added as a project owner since we're paying for it?
You'll need to be the project owner in order to change ownership of the project. You'll need to contact support as stated on relevant section of the documentation.
Is it possible to use multiple templates in a single instance of VSTS?
I have 20+ teams using VSTS that are doing different kinds of work. Given that, some teams would like to use the out of the box Scrum Template and some of the teams would like to use the Agile template. Can this be done or am I limited to one template per VSTS Node?
Follow on Question, if I am limited to a single temple, can I control what fields are visible in Stories & Tasks on a team by team basis?
Example -- I create a custom field that is visible in one teams task but it is not visible in a different teams tasks.
Thanks
Yes, is possible to use multiple process templates.
you can create a project for each team, in each project you can define another process template.
Choose the VSTS icon to open the Projects page, and then choose Create Project.
Fill out the form provided. Provide a name for your new project, select its initial source control type, select a process, and choose with whom to share the project.
We have been asking the same question in the project that I am working on - we have multiple teams, who are wanting to use multiple templates and have different sized iterations.
The solution that we have utilized is to use multiple projects for each team, rather than a single project, but then use a data visualization tool, such as Power BI, to complete the reporting.
Power BI has Data Connectors that allow direct connections to your VSTS instance, allowing you to gain input from multiple projects. Once the connections have been made, you can append and merge queries to provide a singular query that pulls data from multiple projects.
Microsoft have documented connecting your vsts instance to Power BI - https://learn.microsoft.com/en-us/azure/devops/report/powerbi/data-connector-connect?view=vsts
The projects themselves can also be linked, features in one project can have child processes within a different project meaning each project is not in a complete silo.
We've lots of intranet projects written in Django. As projects grows auth is always painful and duplicated.
E.g. user needs to login to three internal systems:
http://192.168.x.x/proj1/
http://192.168.x.x/proj2/
http://192.168.x.x/proj3/
Basically he has to create three accounts on three systems. So I figured if the MySQL table auth_user and django_session could be shared (using MySQL federated table engine) across three django projects, login session and info could be shared. So create account once and login one and use all three systems.
Is it safe? Anyone done similar in practice?
Sharing auth and session tables is quite an acceptable solution as long as maintainers of each project are aware of this architecture.
Some issues to be aware of:
Each project needs to be aware of the data stored in session by the other projects in order not to overwrite it inadvertently. This is not an issue if you only use the session for authentication.
The messages framework will not work as expected. Again, this might not be an issue in your projects.
It's probably a good idea to use the same Django version across all projects. For example, Django 1.6 changed the way it stores sessions by default. The User model might also change between versions.
If you want to use a Custom User Model, you need to use the same model on all projects. This might be a good option if you need to share extra profile data across projects though.
Since all three projects will have access to the DB, you'd better consider those as a single project/entity from a security point of view. Some data may leak from one project to the other through the session and be exposed where it shouldn't.
Also, some security issues may arise: if for example two projects use inadvertently the same variable name to store conflicting data, considered safe by one project but unsafe by another, a user could inject malicious data which will be considered safe.
But these things could happen if you have a single project maintained by multiple programmers too. So, as long as you make sure these are not issues for your projects you should be fine.
We're starting to use DynamoDB, and want separate environments for dev/staging/production. We can't figure out a natural way to do this---do we just create separate AWS accounts? Or do we use the same account, but add silly prefixes to our tables ("dev-products", "staging-products", "prod-products")?
The standard way to manage this with any amazon products is to create separate accounts and then use consolidated billing so that it doesn't complicate the billing aspect. The thing i like about this is that you don't risk breaking the production code by accidentally running the wrong command. Obviously it doesn't help you if you're logged into the wrong instance but it still helps quite a bit.
Other uses for multiple accounts could be to manage permissions and better testing. Having the accounts separate helps testing because you can reproduce the production account 100% and turn it on and off when you need to test new features. I've talked with amazon premium support about this issue and they've said that this seems to be standard practice for the larger companies. Some of the larger companies have many accounts. At my work here we just have 3 and I find it more useful every day.
Don't forget Amazon's greatly enhanced IAM for access control. It largely gives you the same benefits of separate accounts. (Separate accounts are still an option if you have want to have different levels of paid support.)
Naming wise, my preference is name.environment.whatever.
I can't understand why there is'nt a AWS solution for handling DB-versions like production and test in DynamoDB!? Having multiple AWS accounts is a hassle.
It also becomes a big problem to prefix the table names if you get the items by using the c# class attribute [DynamoDBTable("Users")] and fetching the data with DynamoDBContext.Load<User>(userId);
As attributes values can't change during runtime I ended up with this soluting using conditonal compilation symbols and setting constants that can be used as the class attribute value.
public static class DynamoDbTablesConfiguration
{
#if Debug
public const string UserTable = "Users_Dev";
#endif
#if Release
public const string UserTable = "Users_Production";
#endif
}
[DynamoDBTable(DynamoDbTablesConfiguration.UserTable)]
public class User
{
}
Make sure you set the "conditonal compilation symbols" value by right click on project > Properties > Build > "conditonal compilation symbols".
Not a perfect solution but I don't see any other options here if I don't want to create another AWS account.
I don't see anything that's "above" the tables that can be created for each instance (dev/staging/prod) you have (like a relational database, which have all tables under one DB).
At the application I'm working on, we're using prefixes to the tables.
Amazon now provide a server that you can run locally. You can download it here.