Ideation: Non-Admin can view & edit all External users via URL, but missing button

XMLWordPrintable

      Issue Summary

      User who is not an Admin of an Ideation Group.
      The user cannot see the "Manage External Users" button in izone.asp
      However, the user can navigate via the URL to ExternalUserList.asp and view & edit all user information.

      Steps to Reproduce

      Permissions:

      • Not an Admin of a Ideation Group
      • Enterprise > Manage > Ideation ENABLED
      • Enterprise > Manage > Manage Groups ENABLED
      • Product > Ideas > Ideation ENABLED
      • Product > Ideas > Manage Groups ENABLED
      1. Navigate to "Ideation" (or izone.asp)
      • Note that the "Manage External Users" button is not visible.

        2. Navigate via URL to https://<jiraalign-instance-name>/ExternalUserList.asp
        3. Can reach the page, and edit users within.

      Expected Results

      A. "Manage External Users" button visible
      OR
      B. "Manage External Users" button is not visible, then this user should not be able to access the External Users management page ExternalUserList.asp.

      Actual Results

      No "Manage External Users" button
      Can navigate via URL to edit users.

      Workaround

      None

        1. image-2021-12-06-12-26-03-207.png
          image-2021-12-06-12-26-03-207.png
          48 kB
        2. image-2021-12-06-12-26-15-623.png
          image-2021-12-06-12-26-15-623.png
          48 kB

              Assignee:
              Anna Eshlin De Kassal (Inactive)
              Reporter:
              Heidi Hendry (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: