5.5. Groups and Group Security

Groups allow the administrator to isolate bugs or products that should only be seen by certain people. There are two types of group - Generic Groups, and Product-Based Groups.

Product-Based Groups are matched with products, and allow you to restrict access to bugs on a per-product basis. They are enabled using the usebuggroups Param. Turning on the usebuggroupsentry Param will mean bugs automatically get added to their product group when filed.

Generic Groups have no special relationship to products; you create them, and put bugs in them as required. One example of the use of Generic Groups is Mozilla's "Security" group, into which security-sensitive bugs are placed until fixed. Only the Mozilla Security Team are members of this group.

To create Generic Groups:

  1. Select the "groups" link in the footer.

  2. Take a moment to understand the instructions on the "Edit Groups" screen, then select the "Add Group" link.

  3. Fill out the "New Name", "New Description", and "New User RegExp" fields. "New User RegExp" allows you to automatically place all users who fulfill the Regular Expression into the new group. When you have finished, click "Add".

To use Product-Based Groups:

  1. Turn on "usebuggroups" and "usebuggroupsentry" in the "Edit Parameters" screen.

    Warning

    XXX is this still true? "usebuggroupsentry" has the capacity to prevent the administrative user from directly altering bugs because of conflicting group permissions. If you plan on using "usebuggroupsentry", you should plan on restricting administrative account usage to administrative duties only. In other words, manage bugs with an unpriveleged user account, and manage users, groups, Products, etc. with the administrative account.

  2. In future, when you create a Product, a matching group will be automatically created. If you need to add a Product Group to a Product which was created before you turned on usebuggroups, then simply create a new group, as outlined above, with the same name as the Product.

Warning

Bugzilla currently has a limit of 64 groups per installation. If you have more than about 50 products, you should consider running multiple Bugzillas. Ask in the newsgroup for other suggestions for working around this restriction.

Note that group permissions are such that you need to be a member of all the groups a bug is in, for whatever reason, to see that bug.

Note

By default, bugs can also be seen by the Assignee, the Reporter, and by everyone on the CC List, regardless of whether or not the bug would typically be viewable by them. Visibility to the Reporter and CC List can be overridden (on a per-bug basis) by bringing up the bug, finding the section that starts with "Users in the roles selected below..." and un-checking the box next to either 'Reporter' or 'CC List' (or both).