Create and manage user Groups
User Groups simplify the management of access rights and permissions. Administrators can create personas or Groups with complex permission and role configurations, then easily assign a large number of users to them. Users can be members of multiple Groups simultaneously, so administrators can temporarily elevate a user's credentials by adding them to, for example, a Project-Admin Group. When the task is done that required elevated credentials, the user can quickly be removed and reverted to their previous access level.
This is an early adoption feature and administrators must add the following property to the polarion.properties file to enable it.
com.siemens.polarion.userGroups.enabled = true
Please read through the current limitations.
Only users with the Global Polarion admin role can access the Groups administration page.
Global Administration
User Management Groups
If allowed by their Global administrator, Project-level administrators with access to their Project's repository can assign a Project role to a Group if they know the Group's ID.
What you can do | Where to configure it |
|---|---|
Create a User Group | |
Edit or Delete a Group | |
Assign a User to a Group | |
Remove a User from a Group | |
Assign a Global Role to a Group | |
Remove a Global Role from a Group | |
Assign a Project Role to a Group | |
Remove a Project Role from a Group |
Create a User Group on the Groups administration page
Enter
Global Administration User Management and select Groups.The
Groups administration page appears.Click Create new Group on the top left of the screen.
An empty form with ID, Name and Description fields appear under the table.
Enter an ID.
This field must have a unique name and cannot be renamed once created.
(Upper and lower-case letters are treated as the same.)
Supported Characters: (Upper and lower-case letters, numbers, - _ . and @ are allowed.)
Unsupported Characters: !#$%^&*()+',:~[]{}`<=>?\|/'Tab'; Japanese, Chinese and emoticons.
Enter a Name. (Supports all UTF-8 characters.)
(Optional) Enter a Description. (Supports all UTF-8 characters.)
Click
Save. (Or 
Cancel to exit without saving the new Group.)The newly created Group appears in the table once the page is refreshed.
Create a User Group via XML file
A Group can also be created by manually adding an xml file to the Polarion repository. Each Group must have its own folder where the configuration XML file is stored.
Create a group.xml file in a directory in the Polarion repository.
repo/.polarion/user-management/groups/Group_ID
(Where Group_ID is a unique folder name. This will become the Group's ID.)
Edit the newly created group.xml file and add the following customized Name and Description tags.
<?xml version="1.0" encoding="UTF-8"?>
<user-group>
<field id="name">Name of a group</field>
<field id="description" text-type="text/plain">This is a description of a group</field>
</user-group>Save the changed file.
Edit or Delete a Group
You can edit or delete a group in one of the following two ways:
Via the
Groups administration page.
Via the Groups administration page:
Enter
Global Administration User Management and select Groups.The
Groups administration page appears.Select the Group that you'd like to edit or delete from the table of existing Groups.
The Group's details appear below the table.
Edit or 
Delete the Group.Click
Delete. (This will delete Group's folder in the repository.)
Click
Edit or just hover over and click on the Name or Description fields to edit them. (You cannot edit a Group's ID.)
Click
Save when you're done.Enter
AdministrationUser Management Roles.Click Synchronise SVN Access File at the top of the page.
Edit or Delete a Group by editing the Group's xml file directly:
Open the group.xml file in the folder of the Group that you want to edit.
repo/.polarion/user-management/groups/Group_to_Edit
Edit the <field id="name"> and/or <field id="description" text-type="text/plain"> content.
<?xml version="1.0" encoding="UTF-8"?>
<user-group>
<field id="name">Edit the name here</field>
<field id="description" text-type="text/plain">Edit the description here</field>
</user-group>Save the changed file.
Enter
Administration User Management Roles.Click Synchronise SVN Access File at the top of the page.
Assign a User to one or more Groups
You must edit the Group xml files directly to assign Users and Roles to a Group.
Create or edit the user-groups.xml file in the following folder in the Polarion repository:
repo/.polairon/security
You can then assign users, via their IDs, to one or more Groups using the following syntax within the created user-groups.xml file.
<?xml version="1.0" encoding="UTF-8"?>
<user-groups>
<user name="User_ID_1">
<group name="Group_ID_1"/>
<group name="Group_ID_2"/>
</user>
<user name="User_ID_2">
<group name="Group_ID_1"/>
</user>
</user-groups>Save the changed file.
Enter
Administration User Management Roles.Click Synchronise SVN Access File at the top of the page.
Remove a User from a Group
Open the user-groups.xml file you created when you assigned the user to a Group:
repo/.polairon/security
Find your target user by searching for their ID and delete the <group name="GROUP_NAME"/> tag for the Group that you want to remove them from.
(Remove the entire <user name="USER_ID"> </user> tag to remove the user from all assigned Groups.)
Save the changed file.
Enter
Administration User Management Roles.Click Synchronise SVN Access File at the top of the page.
Assign a Global Role to a Group
Currently, you must edit the Group xml files directly to assign users and roles to a Group.
All the relations between Global Roles and Groups throughout Polarion are stored in a single XML file. You must know both the IDs of a Group and a Global Role before assigning a Global Role to a Group.
Create or edit the group-roles.xml file in the repo/.polarion/security folder.
Link each Global Role and Group via their IDs using the following syntax.
<?xml version="1.0" encoding="UTF-8"?>
<group-roles>
<group name="Group_ID_1">
<role name="Global_Role_ID_1" />
<role name="Global_Role_ID_2" />
</group>
<group name="Group_ID_2">
<role name="Global_Role_ID_1" />
</group>
</group-roles>Save the changed file.
Enter
AdministrationUser Management Roles.Click Synchronise SVN Access File at the top of the page.
Remove a Global Role from a Group
Open the group-roles.xml file in the repo/.polarion/security folder.
Find your target Group by its <group name="Group_ID"> tag and delete the <role name="Global_Role_ID" /> tag(s) for the Role(s) you want to remove.
(Remove the entire <group name="Group_ID"> </group> tag to remove all global roles from that Group.)
Save the changed file.
Enter
Administration User Management Roles.Click Synchronise SVN Access File at the top of the page.
Assign a Project Role to a Group
A Project Role can be assigned to a Group by adding an XML file to the Polarion repository. All the relations between Project Roles of a specific Project and Groups are stored in a single XML file. You must know both the IDs of a Group and a Project Role before assigning a Project Role to a Group this way.
Project administrators with access to the repository of a Project can assign a Project Role from their Project to a Group if they know the ID of the desired Group.
Create or edit the group-roles.xml file in the repo/ANY_FOLDER/Project_ID/.polarion/security folder.
(The Project_ID folder name must be unique and match the parent Project ID for the Project Role that you want to assign to a Group to.)
Open the file and link each relation between a Project Role and a Group via their IDs using the syntax in the example below:
<?xml version="1.0" encoding="UTF-8"?>
<group-roles>
<group name="Group_ID_1">
<role name="Project_Role_ID_1" />
<role name="Project_Role_ID_2" />
</group>
<group name="Group_ID_2">
<role name="Project_Role_ID_1" />
</group>
</group-roles>Save the changed file.
Enter
AdministrationUser Management Roles.Click Synchronise SVN Access File at the top of the page.
If you want to assign a Project Role from a different Project to the same Group, then you must create a separate XML file within that Project's repository.
Remove a Project Role from a Group
Open the group-roles.xml file in the repo/ANY_FOLDER/Project_ID/.polarion/security folder of your target Project.
Find your target Group by its <group name="Group_ID"> tag and delete the <role name="Project_Role_ID" /> tag(s) for the Role(s) you want to remove.
(Remove the entire <group name="Group_ID"> </group> tag to remove all project roles of the selected Project from that Group.)
Save the changed file.
Enter
Administration User Management Roles.Click Synchronise SVN Access File at the top of the page.
Limitations
The following limitations with the early access version of User Groups will be resolved in the final version.
In this early adoption version of the User Groups
feature, it is not possible to tell where a User was assigned a Role from. (Whether it was assigned directly to them, or it was done via a Group.)
Tip:Create Groups and assign all the roles that you plan on implementing across your production system, but populate them with test users or users that have not had roles assigned directly to them.
Caution:If you use existing users with roles assigned directly to them, they will appear to have duplicate roles on the
Users and Roles administration pages. Since roles assigned using this feature can only be removed by editing the xml files and roles assigned directly to them can only be removed on the Users and Roles pages this might make cleaning up any experimentation a little confusing. (This will not be an issue in the final version.)Use a browser other than Edge and Internet Explorer when working with Groups that contain thousands of users or roles.
The ability to select multiple Users, Global Roles and Project Roles listed on the
Groups administration page will be a powerful tool for managing users, roles and permissions in the final version of this feature, but is only a proof of concept for this early adoption release.