A forum for technical support discussion related to Fogbugz.
I just upgraded to 4.0. We have been waiting for the client feature for quite a while. I added a client in and in list view the client can only view their project, but they can see the count of open bugs for every user, every project, and every release on the left hand column. Have I not setup the client correctly or is this supposed to happen?
I don't want clients to see counts of bugs for other clients and our internal counts. For that matter, I don't want clients to know about other projects or releases.
All our projects are internal except one. I set the client login for internal to none, then attached that client to that project.
The client feature is not usable like this for our company.
Sounds like you didn't set it up right...
Check your clients... Should be set up like this..
Internal -> Customize
The login (let's call it bob) should have no perms in this client
ClientA -> Customize
The login (bob) should have perms in this client. now remember, anyone with perms in this client, bob will be able to see their name.
All projects are set to internal.
Special project for ClientA is set for clientA.
All users have permission to ClientA.
Bob does not have permission to Internal.
When Bob logs in he sees all users that have a bug in the system. He also sees all the bug counts for every priority. I feel like this is inconsistent.
He should only see information that he has permission to see. He does not have permission to know about any other bugs in the system, yet he sees the bug counts for all projects, not just the one he has permission to see.
Since Bob shares a client with everyone else in the system, he can see all those users. He can also see summaries for only projects that he can see. You said before that Bob can see summaries for projects he has no permission on, which should not be true. He may be able to see totals for different priorities, but he can't see project names or fix fors that he doesn't have permission on.
"You said before that Bob can see summaries for projects he has no permission on, which should not be true.", I agree, now that I looked again I did not see other projects or clients. I was so taken back that I could see 20 people with issues open for that client (when there are really only 2) and the priority counts in the hundreds when the client only has 4 open issues that I over stated the issue.
With that said, I feel that the client should not see the users that don't have bugs open with the client and the client should not see the priority counts that have nothing to do with their issues. This goes against the whole concept of restricting the client to only seeing information about projects they have permission to. Why restrict some information and not other information?
I don't want my client (this one in particular) to know our total bug counts and the bug counts of users that do not have bugs open for their project.
I can hear the questions now:
"Why are there so many high priority bugs open?"
"Your other employees don't seem to have many bugs open, why don't you have them work on my issue?"
"Why does the employee with the most bugs open have my issue assigned to them?"
I could go on and on......
I'll add it to our internal db and we'll think harder on this issue. One of the reasons we designed it that way is so that the totals are the same for everyone. We ask... does the client SEE this information or not, and then decide whether to show it to them; not, the client can see part of the totals. That too could lead to confusion, because the totals on the minireports would change depending on who was looking at it.
Thanks for the comments!
I'd like to add some support to the argument that ALL information relating to bugs for which the current user doesn't have permission shouldn't been in the totals/summaries.
I can see that there is an issue then that different people see different totals, but the current situation has a different problem in that the totals on the reports don't add-up sensibly for 'underprivileged' users. (e.g. the sum of bugs in the 'projects' sections of the mini-report is not the same as the some of bugs in the 'by release' section, if there are projects you can't see.)
I would have thought that this problem is at least as undesirable as the problem of different people seeing different totals, even before one thinks about the security issues.
Of course, I concede that it's probably much easier to implement it the way it is now than any other way, and even SuperStar programmers will probably use a lot of logical argument to justify a design decision which involves less programming... :-) (I know I always do, and I couldn't even begin to contemplate working in an office with lime-green windows.)
Wednesday, March 2, 2005
"One of the reasons we designed it that way is so that the totals are the same for everyone."
I am not sure who would be confused by this?
My client would not be confused because they would see totals only for the bugs they can see. I expect they will be confused by the current setup. They see more in the totals than bugs they can see. They will ask, "Are the totals in error, or do those totals relate to bugs that I can't see?".
Mater of fact what user would be confused by the totals matching the bugs they could see. I expect the opposite would be true.
A ridiculous example would be you credit card statement. All the lines in the statement add up to the total at the bottom. I expect you would be confused if the total at the bottom was the sum of all people with that credit card. All the totals on everyone's bill would be the same so that is less confusing? To who?
This topic is archived. No further replies will be accepted.Other recent topics