Can an Agility System Administrator see Everything in the System?

This feature is available in all editions

Question

I'm looking for a story that's in another project. The project doesn't show up in my project tree so I can't look for it in the backlog. Also, when I search for the story ID, I don't get any results. I'm a System Administrator, and I know the story exists. Why can't I see it?

Answer

There are two roles assigned to your Agility account. The first one is your Admin Privileges role. This role establishes your access to the system and the level of system configuration permissions you have. It does not grant you access to projects.

The second role, the Project Role, is the role that determines what you can see and do on each project to which you are assigned. And for each project you work on, your role may be different.

In this case, you are probably not assigned to the project, or the project role assigned to you does not allow you to view backlog items.

To see all workitems in the system, you'll need to be assigned to the root project (System (All Projects)) with the project role of Observer (at a minimum). Your project role on other projects can be adjusted as needed to allow you to view, create, or edit workitems.

Additional Info

With Agility, the root container project for the entire project tree is System (All Projects). If a user has a role in System (All Projects), then they will be granted that same role in ALL child projects through INHERITANCE, whether the project exists already or is created in the future.

The only exception is if that user has been removed explicitly from that project by another Project Admin by assigning a role of No Access.

So if you have a role in System (All Projects), you will see everything that currently exists as well as anything created in the future. Your role in "System (All Projects)", will be inherited throughout the project tree. If you are then removed from a project, you should speak to that Project Admin and tell them not to do that.

Why can a lower-level role remove a System Admin?

It may seem a little counter-intuitive to allow a lower-level Project Admin or Project Lead to remove someone who has a System Admin role, but there is a reason. Members with roles that allow them to create projects (can be less than System Admin), are allowed to add and remove roles as needed depending on who needs access to the project. A System Admin would need to be added specifically to the project as the Project Owner may determine that they do not need access to the project.

This was also done (a very long time ago), so that there would be no Master account or God user. This will not allow anyone to modify their own security to get access to projects that contain information that is not for their eyes, or to delete information that may harm the company and cause data loss. For example, if there was a project that contained sensitive company financial information that was for specific eyes only, the creator of that project could keep out any Members that were not allowed access to the sensitive financial information. As an application admin you may not be allowed to see said sensitive data that may be for the Finance Dept only, and therefore are restricted by the Project Owner.

 

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.