
Portfolio Room toggle disabled in Role, but user can still access Portfolio Room

    • Severity 3 - Minor

      Issue Summary

      Portfolio Room toggle is disabled in Role, but the user can still access the Portfolio Room.

       

      This is reproducible on Data Center: (yes) 

      Steps to Reproduce

      1. Role > Portfolio > disable the Portfolio Room toggle.
      2. Navigate to the Portfolio and find that the Portfolio Room has disappeared from the sidebar menu; however, the user can still access the Portfolio Room and it is visible.
      3. Enable the Portfolio Room toggle and confirm the Portfolio Room is back on the sidebar.

      Expected Results

      The user cannot log in/access the portfolio room when the toggle is disabled.

      Actual Results

      The portfolio room has disappeared in the sidebar menu, but the page is still accessible and visible to the user who doesn't have Portfolio Room permission.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

            [JIRAALIGN-5830] Portfolio Room toggle disabled in Role, but user can still access Portfolio Room

            Rob Phillips made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 883318 ]
            Erwann (Inactive) made changes -
            Remote Link New: This issue links to "ALIGNSP-22112 (Atlassian Support System)" [ 845522 ]

            Heidi Hendry added a comment -

            I can't attach images. I'll send them to Rachel.

            Heidi Hendry added a comment -

            Hi Kyle, Rachel, Don,

            Currently in PROD 10.126.3.38171 with new Nav, if a user is NOT in the Portfolio team, but is in a "child" Agile or Kanban team of that Portfolio, they can navigate to the Portfolio Room and see the Financials.

            As this is a public facing website, I have blacked out PII, but the images show that a user with NO Portfolio team membership, then impersonated, can currently see the Financials in the Portfolio Room.

            Though this Bug might not be worded that way, that's what this Bug was intended to address.

            Kyle Foreman made changes -
            Resolution New: Not a bug [ 12 ]
            Status Original: Long Term Backlog [ 12073 ] New: Closed [ 6 ]

            Kyle Foreman added a comment -

            Hi all,

            In Jira Align's new navigation experience, rooms will be on for all users with access to a team at that level (e.g. if users have access to a portfolio/portfolio team, they will have access to the portfolio room). As soon as we're able to turn the old navigation experience off, role permissions will be updated to reflect this change.

            In the meantime, we'll review our documentation to make sure this is called out clearly. Please let us know if you have any questions.

            -Kyle

            Heidi Hendry added a comment -

            Hi there, I noticed that you changed the status from "In Progress" to "Long Term Backlog". Please could you explain this decision?

            Thanks

            backbone-sync-bot made changes -
            Status Original: In Progress [ 3 ] New: Long Term Backlog [ 12073 ]
            backbone-sync-bot made changes -
            Status Original: Short Term Backlog [ 12074 ] New: In Progress [ 3 ]
            SET Analytics Bot made changes -
            Support reference count Original: 2 New: 3
