Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-7585

Forecast: user without access can view and edit forecast when navigating via Program Room

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • No

      Issue Summary

      A user without access role to view or edit the Frecast can navigate to the page via Program Room, and alter it.
      See the below gif with the reproduction of the scenario:

      Steps to Reproduce

      1. Remove the access of a role for the Forecast page
      2. With a user with this role, go to the Program Room
      3. Scroll down and click on Forecast
      4. Now you can view and edit the Forecast, without the access to do it.

      Expected Results

      Users without access to the Forecast should not be able to view or edit it.

      Actual Results

      Users without access to the Forecast can view and edit it when navigating via Program Room.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

        1. forecast.gif
          forecast.gif
          4.05 MB

              9430c2193c41 Bhanu Vanjaku
              a8cff3407f0b Diego Larangeira
              Votes:
              8 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: