Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-4984

User can overwrite Portfolio Epic via Import despite no visibility to the Epic

    XMLWordPrintable

Details

    • 1
    • Severity 2 - Major
    • No

    Description

      Issue Summary

      A user who has no visibility to a Portfolio and its Epics can still modify those Epics via Import. This is inconsistent with the broader UI and can lead to unintentional overwriting of data that is difficult to identify and fix.

      Steps to Reproduce

      1. Create Portfolio 1 and Portfolio 2 with a single Program under each
      2. Add Test user as member of Portfolio 2 Team
      3. Create Epic1 under Portfolio 1
      4. Log in as Test user and confirm you have no access / visibility to Epic1
      5. As Test user, perform import targeting Epic1's ID




      Expected Results

      Import should be consistent with broader UI and prevent modification of work items for which a user does not have visibility

      Actual Results

      Import allows modification of work items for which a user does not have visibility which can lead to unintended overwriting of data

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          causes

          PS-140760 Loading...

          PS-152485 Loading...

          resolves

          PS-129900 Loading...

          Activity

            People

              dfuller@atlassian.com Don Fuller
              1a93744f1bf8 Brandon Harris
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Backbone Issue Sync