[JIRAALIGN-4984] User can overwrite Portfolio Epic via Import despite no visibility to the Epic

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 10.122.3
Affects Version/s: 10.119.3
Component/s: Import|Export
Labels:
- Bulldog

Support reference count:
1
Symptom Severity:
Severity 2 - Major
Does fix include system behavior or UI changes?:
No
External issue URL:
https://softwareteams.atlassian.net/rest/api/2/issue/359364

Issue Summary

A user who has no visibility to a Portfolio and its Epics can still modify those Epics via Import. This is inconsistent with the broader UI and can lead to unintentional overwriting of data that is difficult to identify and fix.

Steps to Reproduce

Create Portfolio 1 and Portfolio 2 with a single Program under each
Add Test user as member of Portfolio 2 Team
Create Epic1 under Portfolio 1
Log in as Test user and confirm you have no access / visibility to Epic1
As Test user, perform import targeting Epic1's ID

Expected Results

Import should be consistent with broader UI and prevent modification of work items for which a user does not have visibility

Actual Results

Import allows modification of work items for which a user does not have visibility which can lead to unintended overwriting of data

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

image-2023-05-10-12-52-47-922.png
10/May/2023 4:52 PM
28 kB
Brandon Harris
image-2023-05-10-12-54-21-577.png
10/May/2023 4:54 PM
41 kB
Brandon Harris
image-2023-05-10-12-56-38-194.png
10/May/2023 4:56 PM
41 kB
Brandon Harris
image-2023-05-10-13-00-46-559.png
10/May/2023 5:00 PM
26 kB
Brandon Harris
image-2023-05-10-13-08-16-475.png
10/May/2023 5:08 PM
44 kB
Brandon Harris
image-2023-05-10-13-09-32-357.png
10/May/2023 5:09 PM
45 kB
Brandon Harris
image-2023-05-10-13-10-28-751.png
10/May/2023 5:10 PM
39 kB
Brandon Harris
image-2023-05-10-13-11-17-760.png
10/May/2023 5:11 PM
68 kB
Brandon Harris

causes: PS-140760 You do not have permission to view this issue; PS-152485 You do not have permission to view this issue

is connected to: JAVOM-2560 Failed to load

resolves: PS-129900 You do not have permission to view this issue

Form Name

backbone-sync-bot made changes - 18/Jun/2025 10:02 PM

External issue URL

New: https://softwareteams.atlassian.net/rest/api/2/issue/359364

backbone-sync-bot made changes - 18/Jun/2025 10:02 PM

Remote Link

New: This issue links to "JAVOM-2560 (Software Teams JIRA)" [ 1033042 ]

Rodrigo Cortez made changes - 01/Nov/2023 12:58 PM

Remote Link

New: This issue links to "PS-152485 (Atlassian Support System)" [ 832656 ]

Josh Ellis (Inactive) made changes - 06/Sep/2023 3:48 PM

Labels

Original: Bulldog JAVOM

New: Bulldog

ja-sync-bot made changes - 06/Sep/2023 3:22 PM

Labels

Original: Bulldog

New: Bulldog JAVOM

Kirill Duplyakin made changes - 28/Aug/2023 5:12 AM

Remote Link

New: This issue links to "PS-140760 (Atlassian Support System)" [ 804913 ]

backbone-sync-bot made changes - 25/Jul/2023 11:38 PM

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Closed [ 6 ]

backbone-sync-bot made changes - 25/Jul/2023 11:38 PM

Fix Version/s

New: 10.122.3 [ 105214 ]

backbone-sync-bot made changes - 05/Jul/2023 9:38 PM

Status

Original: Ready for Development [ 10049 ]

New: In Progress [ 3 ]

Inna Dogan made changes - 21/Jun/2023 9:21 AM

Status

Original: Long Term Backlog [ 12073 ]

New: Ready for Development [ 10049 ]

Assignee:: Don Fuller

Reporter:: Brandon Harris (Inactive)

Affected customers:: 2 This affects my team

Watchers:: 4 Start watching this issue

Created:: 10/May/2023 5:20 PM

Updated:: 18/Jun/2025 10:02 PM

Resolved:: 25/Jul/2023 11:38 PM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Attachments

Issue Links

Forms

Activity

People

Dates