-
Suggestion
-
Resolution: Unresolved
-
None
Issue Summary
A user who has been assigned to a system role that has the "Allow access to cancel item" toggle enabled and "Delete" and Add/Save disabled can cancel the work item by clicking the "Cancel item" link.
Steps to Reproduce
- Go to Administration -> Roles: select a role -> ADDITIONAL OPTIONS and enable the "Allow access to cancel item" toggle
- Make sure that the access to Administration -> Roles: select a role -> Portfolio -> Manage > Portfolio Epics (Initiatives): Make sure "Delete" and the "Add/Save" toggles are disabled for this work item (Epics)
- Same applies for Features (Step 2)
- Go to the Epics or Feature Grid, open one Epic
- Click on the More Options -> Cancel Feature
- A warning pops-up
- Click "cancel item(s)"
- Verify that the Read-only user is able to cancel the work item. (Delete and Add/Save toggles turned off for this user)
Expected Results
The user who has been assigned to a role that has the "Delete" and "Add/Save" toggles disabled for the work item (Epics) should not be able to cancel the work item.
Actual Results
The user who has been assigned to a role that has the "Delete" and "Add/Save" toggles disabled for the work item (Epics) is able to cancel the work item.
Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available
- relates to
-
JIRAALIGN-7313 Portfolio Epics or Features - Read-only system user is able to cancel the work item
-
- Closed
-
- resolves
-
PS-170244 Loading...