-
Suggestion
-
Resolution: Unresolved
-
2
-
Issue Summary
On Jira Align Admin -> Roles -> Select the User Roles -> Administration -> Other Setup -> Custom Hierarchy -> Manage, if the user saves the toggles directly from that page without updating the User Role, it will provide access to the user to access all Custom Hierarchies to view and edit, ignoring the toggles selected in the Custom Hierarchy Manage screen.
Steps to Reproduce
- Go to Jira Align Admin -> Roles -> Select the User Roles -> Administration -> Other Setup -> Custom Hierarchy -> Manage
- Turn off all the toggles there (or toggle just one) and click on "Save" in the Manage Screen
- Login with the user role affected in Jira Align
- On Jira Align, click on Custom Rooms and View All Custom Rooms
- Try to view and edit any CH there.
Expected Results
The Custom Hierarchies will be accessible respecting the toggles selected in the Jira Align user roles -> Custom Hierarchies Manage
Actual Results
Jira Align allows the user to view and edit Custom Hierarchies which is forbidden.
Workaround
As a workaround, the users can;
- Go to Jira Align Admin -> Roles -> Select the User Roles -> Administration -> Other Setup -> Custom Hierarchy -> Manage
- On the Manage screen, click on Save
- Then on the Roles Page, click on Save as well
