Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-4984

User can overwrite Portfolio Epic via Import despite no visibility to the Epic

XMLWordPrintable

    • 1
    • Severity 2 - Major
    • No

      Issue Summary

      A user who has no visibility to a Portfolio and its Epics can still modify those Epics via Import. This is inconsistent with the broader UI and can lead to unintentional overwriting of data that is difficult to identify and fix.

      Steps to Reproduce

      1. Create Portfolio 1 and Portfolio 2 with a single Program under each
      2. Add Test user as member of Portfolio 2 Team
      3. Create Epic1 under Portfolio 1
      4. Log in as Test user and confirm you have no access / visibility to Epic1
      5. As Test user, perform import targeting Epic1's ID




      Expected Results

      Import should be consistent with broader UI and prevent modification of work items for which a user does not have visibility

      Actual Results

      Import allows modification of work items for which a user does not have visibility which can lead to unintended overwriting of data

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            dfuller@atlassian.com Don Fuller
            1a93744f1bf8 Brandon Harris
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: