Yup, we are using group-based permissions for all of our projects. We have a group per-project and then add users to that project for them to gain access.
The problem begins to happen when a user needs access to multiple projects with different permissions. For instance, for access to ProjectA the user needs full permissions (add/delete/modify); but for access to ProjectB they only need “add” permissions.
Right now, I assign a user a role (say “Full Permissions”) but any project they are added to they will have these permissions. Now, I can override those on a per-user basis per project as well which is great; except it’s a management nightmare trying to keep pace with what user has access to what project at what level (and what user has their permissions overridden on a certain project).
I posted awhile ago that it would be good to have an API that allows us to query and preferably set user permissions. Then I could simply link a script to (daily, hourly, or whatnot) update user permissions based on our LDAP server (since we can’t integrate them on the cloud).
But right now, alas, it’s close to being unmanageable keeping all the different users, groups and permissions. if i could give a user who is a project “project admin”; even if all that user could do is add/remove/set permissions for users that would be a huge benefit to me (and anyone else who Admins the system in whole).
On a related note; when is the next release planned for Testrail?