Once an artifact set has been created, it is possible to lock down who can access the artifacts within the set. Typically, an artifact set is secured if it contains sensitive information such as production passwords, source code, etc., that only a few people are allowed to access. Once an artifact set has been secured, only the users with the appropriate permissions will be able to resolve/download the artifacts within the set. Users without read permission will generally be able to see the artifact set and the files contained within it, but not perform any actions on the artifacts themselves.
There are two permissions used to secure an artifact set:
Read permission. Allows a user to reslove/download the artifacts associated with a Build Life.
Security permission. For users that also have security permissions to the project, the artifact security permission allows users to determine who can set security for the artifact set. For example, users that have been assigned the "admin" role can restrict other roles (i.e., users) from granting security rights.
To secure an artifact set you will need to first ensure that the artifact set default settings are correct, enable artifact security on the server settings and then configure security permissions on the individual artifact set(s).
The artifact set you want to secure must already exist, and you should know which Life-Cycle Model is associated with that Artifact Set. See Managing Life-Cycle Models.
You must have permissions to modify the Server Settings and Life-Cycle Model configuration on the System page. See Setting Up Security.
Before you enable and configure artifact security, you need to verify that the Default Permissions for Artifact Sets are correct. This will ensure that the correct permissions are applied to all existing artifact sets when you enable the system setting.
Go to System > Permissions from the Security menu.
Select ArtifactSet from the drop-down menu and click Set.
On the Artifact Set Permission page, verify that the Default Permissions are correct. The default settings set here will be automatically applied to every existing artifact set -- an action that can't be reversed, even if you disable the server setting.
If you need to change these settings, see Configure Default Permissions before continuing.
Once the Artifact Set Default Permissions are correct, click Done and see Enable Artifact Security.
Once you are satisfied with the Artifact-Set Default Permissions, you can then enable artifact security on the System page.
Go to System > Server Settings and select the Security tab.
Click Edit and see Configure Server Security > Secure Artifact Sets before continuing.
Once enabled, see Secure Individual Artifact Sets to manually secure individual artifact sets.
Once every artifact set has been assigned the appropriate default permissions and the server setting enabled, you must manually secure select artifact sets at the Life-Cycle-Model level:
Go to System > Life-Cycle Models from the Project Support menu.
Select the Life-Cycle Model which contains the artifact set you want to secure.
On the Life-Cycle Model page, select the Artifact Sets link.
Locate the Artifact Set you wish to secure and select the View Security icon (a yellow badge) under the Operations menu.
Modify the permissions and click Save.
Repeat the previous steps for every Artifact Set you wish to secure.