Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Fix
Priority: Medium
Fix Version/s: None
Affects Version/s: 1.9.6
Component/s: None
Labels:
- affects-server

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Summary

JIRA Portfolio does not allow non administrator users to manage the Portfolio » Administration page when Secure Administration Sessions (WebSudo) is enabled.

Environment

JIRA 6.4.5
JIRA Portfolio 1.9.6

Steps to Reproduce

Setup JIRA with JIRA Portfolio
Create a new user (e.g. "projectmaster");
Create a new group for the Administrators of Portfolio (e.g. "jira-portfolio-administrators");
Add "projectmaster" to "jira-portfolio-administrators";
Navigate to Portfolio » Administration and add the "jira-portfolio-administrators" group to the Administrator role.
Log in with the "projectmaster" user;
Try to access *Portfolio » Administration;
A login page will be displayed, stating the the user does not have permission to view page.

Expected Results

The user should be able to see the Portfolio Administration page.

Actual Results

The user would is redirected to the "WebSudo" screen, which is redirecting the user to the Login page (as the user is not an administrator and hence should not see the websudo page).

Workaround

Follow the Configuring Secure Administrator Sessions to disable websudo.

Attachments

Issue Links

relates to

JRASERVER-63047 As a Portfolio Admin, I should be able to access the administration section of Portfolio without having Websudo disabled

Gathering Interest

Activity

People

Assignee:: Unassigned

Reporter:: Matheus Fernandes

Archiver:: Aakrity Tibrewal

Dates

Created:: 05/Jun/2015 3:48 PM

Updated:: 14/Aug/2019 6:20 AM

Resolved:: 19/Jun/2015 4:40 AM

Archived:: 12/Oct/2023 2:33 AM