Project level Acess restriction

[vintipa]

hi,

please let me know how i can restrict a user/group from accessing some projects in a server. in one of my server i have to add all the users to group dstage to gain access. but once the user is added to this group he has access to all the projects in that server. how can i resolve this.

Vinay.

[ray.wurlod]

Have a different group associated with each project. The general group (dstage) controls access the the DataStage software, not to projects.

[vintipa]

hi,

how can i achieve this [Have a different group associated with each project]? should the permissions to a group on a project be set at unix level, or it can be done in administrator?

[aakashahuja]

Or you can set a project as protected as well (downside is that then it will become read-only for every one)

[vintipa]

hi,

i don't want to make it protected. In my case i created a user in a new group dstage1 and then assigned this group to the new project. but user was not able to access the software as he was not member of dstage group. then when i added user to dstage group he got access to software as well as all other projects.

[ray.wurlod]

Add the user to dstage1 AND dstage groups.

[vintipa]

ya now the user belongs to both dstage and dstage1 groups, that is why he is able to access not only his project but also other unnecessary projects in the server.

[ray.wurlod]

You need to be more selective about which groups are associated with which projects, and make sure that "other" is suitable restricted in each process.

In particular, the dstage group is not associated with any project.

In addition, you need to tighten the relationship between DataStage roles and group in each project - only members of the project's own group should be given Developer role.