  1. Jira Platform Cloud
  2. JRACLOUD-87937

Plans (Advanced Roadmap) allow editing of read-only fields


    • Type: Suggestion
    • Resolution: Duplicate
    • Plans - Timeline
    • None
    • 1

      I am using Plans (Advanced Roadmap) and I have noticed a security problem.

      Plans (Advanced Roadmap) overrides any controls that are set in JIRA. If you have custom fields that are not editable in JIRA, editing them with Plans (Advanced Roadmap) is possible anyway!

      The security problem is that if you use a Security Level based on a user picker field, and this is editable by anyone with Advanced Roadmap, it is possible to make visible issues that normally would not be visible in Jira or are protected by some condition rules.

      Additionally, if a custom field is made non-editable by removing it from the edit issue screen, changes to the field value are still possible via Plans (Advanced Roadmap).

              Assignee: Unassigned
              Reporter: Samuel Ng
              Votes: 1
              Watchers: 4
