Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-2135

[JIRAALIGN-2135] Escalations: User with access to the page can see. update and delete Escalations across the entire application

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • Rockets - Usher 4

      Issue Summary

      Escalations: User with access to the page can see. update and delete Escalations across the entire application

      Steps to Reproduce

      1. Login
      2. Create Escalation and assign it to any Program and PI.
      3. Create a Role with access to the Escalations page(Portfolio>Escalations toggle).
      4. Assign any User to this Role. The User should not belong to the hierarchy Program from Step 2 is assigned to.
      5. Impersonate as that user.
      6. Go to the Escalations grid.
      7. check what user can do with the Escalation from Step 2.

      Expected Results

      The user shouldn't see it. And he shouldn't have the ability to edit and delete it. Escalations should respect team assignments.

      Actual Results

      The user is able to see, update, delete the escalation.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            kforeman@atlassian.com Kyle Foreman
            rpetrunyak@atlassian.com Roman Petrunyak (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: