Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-718

Admin: Manage Agile Objects enables users to delete Stories even if the permission to directly delete stories is turned off

XMLWordPrintable

    • Severity 3 - Minor
    • System Roles Set delete stories object role to toggled off, but admin manage agile objects is on
    • Hide
      Object level permissions such as story or epic should control who/what can be deleted, Admin-> Addtl Options->Delete Agile Objects should not override other permissions and should be removed. Admin Manage Agile Objects should not enable deletion of stories if users do not have permissions to delete stories.
      Show
      Object level permissions such as story or epic should control who/what can be deleted, Admin-> Addtl Options->Delete Agile Objects should not override other permissions and should be removed. Admin Manage Agile Objects should not enable deletion of stories if users do not have permissions to delete stories.
    • users can still delete stories.
    • Party Parrots - TART3
    • No

      STR:
      System Roles: Set 'delete stories object' role to toggled off, but admin 'manage agile objects' is on

      AR: users can still delete stories.

      ER: Object-level permissions such as story or epic should control who/what can be deleted, Admin-> Addtl Options->Delete Agile Objects should not override other permissions and should be removed.  Admin Manage Agile Objects should not enable the deletion of stories if users do not have permission to delete stories.

              Unassigned Unassigned
              tkeyes@atlassian.com Tim Keyes
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: