-
Bug
-
Resolution: Fixed
-
High
-
10.119.3
-
1
-
Severity 2 - Major
-
No
Issue Summary
A user who has no visibility to a Portfolio and its Epics can still modify those Epics via Import. This is inconsistent with the broader UI and can lead to unintentional overwriting of data that is difficult to identify and fix.
Steps to Reproduce
- Create Portfolio 1 and Portfolio 2 with a single Program under each
- Add Test user as member of Portfolio 2 Team
- Create Epic1 under Portfolio 1
- Log in as Test user and confirm you have no access / visibility to Epic1
- As Test user, perform import targeting Epic1's ID
Expected Results
Import should be consistent with broader UI and prevent modification of work items for which a user does not have visibility
Actual Results
Import allows modification of work items for which a user does not have visibility which can lead to unintended overwriting of data
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
