This document details how Red Hat employees view issues with security levels Red Hat Partner and Red Hat Engineering Authorized.
Jira security level Red Hat Partner
The ability to see and work on partner bugs requires that users be a member of the Red Hat Bugzilla See Partner Bugs Jira group (which underlies Red Hat Partner security level). This group is fed by the LDAP group bugzilla-see-partner-bugs.
Engineering partner management requires that access to partner bugs be limited to Engineering and Support staff. Red Hat associates from other parts of Red Hat are not to be given full access to partner bugs. Their access is controlled per partner, when they are directly dealing with that partner and have approval from engineering partner management, or on a bug-by-bug basis when users involved in the bug believe it is appropriate. The see_partner_bugs group is how we manage this restriction based on a user's role in Bugzilla. Users are not added to this group directly; instead, they inherit membership based on their role (e.g., the support_staff packager, qe_staff, etc. groups grant membership).To be added to the see_partner_bugs group in Bugzilla, you must apply for the packager role (note that members of the Red Hat Support may choose the support_staff role). Access to that role in Bugzilla will grant you access to the see_partner_bugs Bugzilla group, which in turn feeds the LDAP group bugzilla-see-partner-bugs. Access to this LDAP group provides access to the Jira group Red Hat Bugzilla See Partner Bugs. To access roles, go to bugzilla.redhat.com > My Links > Workflows > Request Group Membership.
If you only need access to specific issues that are restricted to this security level, you can ask to be added to the "Contributors" field on the issues you should be able to access.
Jira security level Red Hat Engineering Authorized
The redhat group is how we manage access to Jira issues with security level Red Hat Engineering Authorized. Users are not added to this group directly; instead, they inherit membership based on their role (e.g., redhat). Note that users who are in the packager or support_staff roles in Bugzilla (see previous section) will also have access to the Red Hat Engineering Authorized security level in Jira.
To be added to the redhat group in Bugzilla, you must apply for the redhat role. Access to that role in Bugzilla will grant you access to the redhat Bugzilla group, which in turn feeds the LDAP group bugzilla_redhat. Access to this LDAP group provides access to the Jira group Red Hat Engineering Authorized. To access roles, go to bugzilla.redhat.com > My Links > Workflows > Request Group Membership.
If you only need access to specific issues that are restricted to this security level, you can ask to be added to the "Contributors" field on the issues you should be able to access.
Mapping table
The following table provides a mapping of Bugzilla, LDAP, and Jira groups.
Bugzilla role meta-group | Bugzilla group | LDAP group | Jira group | Security Level in Jira |
redhat | redhat | bugzilla_redhat | Red Hat Bugzilla Authorized | Red Hat Engineering Authorized |
packager | see_partner_bugs | bugzilla-see-partner-bugs | Red Hat Bugzilla See Partner Bugs | Red Hat Partner Red Hat Engineering Authorized |
support_staff | see_partner_bugs | bugzilla-see-partner-bugs | Red Hat Bugzilla See Partner Bugs | Red Hat Partner Red Hat Engineering Authorized |
On-site partner engineers are not permitted access to internal groups, they are only permitted access to:
- the redhat_partner_engineer_staff group
- their own partner group
- public groups