-
Bug
-
Resolution: Duplicate
-
High
-
None
-
11.0.1.0628
-
2
-
Severity 2 - Major
-
No
Issue Summary
A user who has been assigned to a system role that has the "Allow access to cancel item" toggle enabled and "Delete" and Add/Save disabled can cancel the work item by clicking the "Cancel item" link.
Steps to Reproduce
- Go to Administration -> Roles: select a role -> ADDITIONAL OPTIONS and enable the "Allow access to cancel item" toggle
- Make sure that the access to Administration -> Roles: select a role -> Portfolio -> Manage > Portfolio Epics (Initiatives): Make sure "Delete" and the "Add/Save" toggles are disabled for this work item (Epics)
- Same applies for Features (Step 2)
- Go to the Epics or Feature Grid, open one Epic
- Click on the More Options -> Cancel Feature
- A warning pops-up
- Click "cancel item(s)"
- Verify that the Read-only user is able to cancel the work item. (Delete and Add/Save toggles turned off for this user)
Expected Results
The user who has been assigned to a role that has the "Delete" and "Add/Save" toggles disabled for the work item (Epics) should not be able to cancel the work item.
Actual Results
The user who has been assigned to a role that has the "Delete" and "Add/Save" toggles disabled for the work item (Epics) is able to cancel the work item.
Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available
- is related to
-
JIRAALIGN-7462 Portfolio Epics or Features - Read-only system user is able to cancel the work item
- In Progress
- causes
-
PS-170244 Loading...
- mentioned in
-