-
Bug
-
Resolution: Won't Fix
-
Medium
-
None
-
1.9.6
-
None
Summary
JIRA Portfolio does not allow non administrator users to manage the Portfolio » Administration page when Secure Administration Sessions (WebSudo) is enabled.
Environment
- JIRA 6.4.5
- JIRA Portfolio 1.9.6
Steps to Reproduce
- Setup JIRA with JIRA Portfolio
- Create a new user (e.g. "projectmaster");
- Create a new group for the Administrators of Portfolio (e.g. "jira-portfolio-administrators");
- Add "projectmaster" to "jira-portfolio-administrators";
- Navigate to Portfolio » Administration and add the "jira-portfolio-administrators" group to the Administrator role.
- Log in with the "projectmaster" user;
- Try to access *Portfolio » Administration;
- A login page will be displayed, stating the the user does not have permission to view page.
Expected Results
The user should be able to see the Portfolio Administration page.
Actual Results
The user would is redirected to the "WebSudo" screen, which is redirecting the user to the Login page (as the user is not an administrator and hence should not see the websudo page).
Workaround
Follow the Configuring Secure Administrator Sessions to disable websudo.
- relates to
-
JRASERVER-63047 As a Portfolio Admin, I should be able to access the administration section of Portfolio without having Websudo disabled
- Gathering Interest