5.5. Groups and Group Security

Groups allow the administrator to isolate bugs or products that should only be seen by certain people. There are two types of group - Generic Groups, and Product-Based Groups.

Product-Based Groups are matched with products, and allow you to restrict access to bugs on a per-product basis. They are enabled using the usebuggroups Param. Turning on the usebuggroupsentry Param will mean bugs automatically get added to their product group when filed.

Generic Groups have no special relationship to products; you create them, and put bugs in them as required. One example of the use of Generic Groups is Mozilla's "Security" group, into which security-sensitive bugs are placed until fixed. Only the Mozilla Security Team are members of this group.

To create Generic Groups:

  1. Select the "groups" link in the footer.

  2. Take a moment to understand the instructions on the "Edit Groups" screen, then select the "Add Group" link.

  3. Fill out the "Group", "Description", and "User RegExp" fields. "New User RegExp" allows you to automatically place all users who fulfill the Regular Expression into the new group. When you have finished, click "Add".

    Warning

    The User Regexp is a perl regexp and, if not anchored, will match any part of an address. So, if you do not want to grant access into 'mycompany.com' to 'badperson@mycompany.com.hacker.net', use '@mycompany\.com$' as the regexp.

  4. After you add your new group, edit the new group. On the edit page, you can specify other groups that should be included in this group and which groups should be permitted to add and delete users from this group.

To use Product-Based Groups:

  1. Turn on "usebuggroups" and "usebuggroupsentry" in the "Edit Parameters" screen.

  2. In future, when you create a Product, a matching group will be automatically created. If you need to add a Product Group to a Product which was created before you turned on usebuggroups, then simply create a new group, as outlined above, with the same name as the Product.

Note that group permissions are such that you need to be a member of all the groups a bug is in, for whatever reason, to see that bug.