[JIRAALIGN-2135] Escalations: User with access to the page can see. update and delete Escalations across the entire application

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • Rockets - Usher 4
    • None

      Issue Summary

      Escalations: User with access to the page can see. update and delete Escalations across the entire application

      Steps to Reproduce

      1. Login
      2. Create Escalation and assign it to any Program and PI.
      3. Create a Role with access to the Escalations page(Portfolio>Escalations toggle).
      4. Assign any User to this Role. The User should not belong to the hierarchy Program from Step 2 is assigned to.
      5. Impersonate as that user.
      6. Go to the Escalations grid.
      7. check what user can do with the Escalation from Step 2.

      Expected Results

      The user shouldn't see it. And he shouldn't have the ability to edit and delete it. Escalations should respect team assignments.

      Actual Results

      The user is able to see, update, delete the escalation.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            Assignee:
            Kyle Foreman
            Reporter:
            Roman Petrunyak (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: