
Setting users' permissions on accessing dependency data and build results

Permission hierarchy of DBB objects

By setting permissions on accessing the high-level objects that are stored in the DBB database, you also control the access permissions to the enclosed objects. The hierarchy is as follows:

High-level object | Enclosed object
Collection | Logical files and logical dependencies
Build result | Build reports and attachments

Setting access permissions to DBB objects

There are three fields on a DBB high-level object to control access permissions to DBB objects: owner field, team field, and permission field. Use these fields during creation (POST) or update (PUT).

Field | Usage
Owner field | To update ownership. Ownership of a DBB object defaults to the user who creates the object.
Team field | To assign a team. A team is a user registry (that is, LDAP) group that is used to assign authority rights to groups of users. The team field defaults to null or empty, meaning that no team is assigned.
Permission field | To set authority by using a three-digit octal number.
  • The first octal digit represents the authority granted to the owner.
  • The second octal digit represents the authority granted to the team.
  • The third octal digit represents the authority for everyone else.
Each digit can have the following values: 2 means write access, 4 means read access, and 6 means read and write access.
The default permission is 664, meaning that the owner has read and write permission, the team has read and write permission, and other users have read permission.

Granting roles to users

You must assign one of the following roles to each DBB server user in the server.xml, either by assigning roles to individual users or to user registry groups. These three roles are defined by DBB to control user authority to read and write DBB objects and authority to access certain REST APIs.

Role | Access permission
DBBAdmins | Has full control and authority over all DBB objects regardless of access permissions settings as described in section Setting access permissions to DBB objects.
DBBUsers | Has authority over DBB objects based on the object's settings of owner, team, and permission.
Example:
If user A matches the owner field set for a DBB object, the user is granted authority to the object according to the first octal digit of the permission field that is set for the object.
Otherwise, if the user belongs to a team, that is, a user registry group, the user's authority to a DBB object is evaluated based on two fields set for the object: the team field and the second octal digit of the permission field. The second permission digit applies to this user only if the team that the user belongs to is listed in the team field for the object.
If the user is neither the owner nor a member of the team (or the team is not set), then the third permission digit applies.
DBBGuests | Has authority over DBB objects based on the third octal digit of the permission setting for the objects.
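The evaluation order described for the three roles can be modeled as follows. This is an added example, not DBB code: the class and function names, user names, and group names are hypothetical, and the sample objects are constructed. It is useful for checking what a given owner, team, and permission combination actually grants before applying it with POST or PUT.

```python
from dataclasses import dataclass
from typing import Optional

READ, WRITE = 4, 2  # bit values from the page: 4 = read, 2 = write, 6 = both

@dataclass(frozen=True)
class DbbObject:  # hypothetical stand-in for a collection or build result
    owner: str
    team: Optional[str] = None  # no team assigned by default
    permission: str = "664"     # documented default

@dataclass(frozen=True)
class User:  # hypothetical; groups are the user's registry (LDAP) groups
    name: str
    role: str
    groups: frozenset = frozenset()

def parse_permission(perm: str) -> tuple:
    """Split the value into (owner, team, other); the page lists only 2, 4 and 6."""
    if len(perm) != 3 or any(c not in "246" for c in perm):
        raise ValueError(f"not a valid permission value: {perm!r}")
    return tuple(int(c) for c in perm)

def effective_digit(user: User, obj: DbbObject) -> int:
    """Return the permission digit that governs this user's access to obj."""
    owner_d, team_d, other_d = parse_permission(obj.permission)
    if user.role == "DBBAdmins":
        return READ | WRITE   # full control regardless of the object's settings
    if user.role == "DBBGuests":
        return other_d        # guests always fall under the third digit
    if user.role != "DBBUsers":
        raise ValueError(f"unknown role: {user.role!r}")
    if user.name == obj.owner:
        return owner_d        # owner match wins, even if the team digit is wider
    if obj.team and obj.team in user.groups:
        return team_d         # only when the object's team is one of the user's groups
    return other_d

def can(user: User, obj: DbbObject, access: int) -> bool:
    return bool(effective_digit(user, obj) & access)

# Constructed sample data
report = DbbObject(owner="alice", team="payments-dev", permission="464")
alice = User("alice", "DBBUsers", frozenset({"payments-dev"}))
bob = User("bob", "DBBUsers", frozenset({"payments-dev"}))
carol = User("carol", "DBBUsers", frozenset({"qa"}))
guest = User("dave", "DBBGuests", frozenset({"payments-dev"}))
```

With permission 464, the owner alice gets read access only even though she is also in the team, because the owner digit is evaluated first; bob, a team member, can write.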