Details
- Bug
- Resolution: Unresolved
- Medium
- None
- 8.20.12
- 8.2
- 2
- Severity 3 - Minor
Description
Issue Summary
This is reproducible on Data Center: (yes)
Granting the Administer Projects permission to a User custom field value results in users having access to the Project Settings area even when the field is not populated.
Steps to Reproduce
- Create a new project with sample data
- Create a new user without project administration permissions on the newly created project
- Create a new custom field of type User Picker
- In Project Settings, go to the Permission schemes area
- Edit the Administer Projects permission and grant it to the new custom field
- Log in as the user without project administration permissions
- Verify that the new user has access to the Project Settings page
Expected Results
The user should not have access to the Project Settings.
Actual Results
The user has access to the Project Settings even though the field is not populated.
Workaround
Remove the permission granted to the custom field.
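
To find the schemes where the workaround applies, the following added example (not part of the original report and not Atlassian's code) scans permission scheme data for Administer Projects grants held by a user custom field. It assumes the JSON layout returned by `GET /rest/api/2/permissionscheme?expand=permissions`; the scheme names, ids and field ids in the sample are constructed.

```python
import json

# Constructed sample, shaped like the assumed REST response layout.
SAMPLE_RESPONSE = json.loads("""
{"permissionSchemes": [
  {"id": 10000, "name": "Default Permission Scheme", "permissions": [
    {"id": 1, "permission": "ADMINISTER_PROJECTS",
     "holder": {"type": "projectRole", "parameter": "10002"}},
    {"id": 2, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "userCustomField", "parameter": "customfield_10100"}}]},
  {"id": 10001, "name": "Sample Project Scheme", "permissions": [
    {"id": 3, "permission": "ADMINISTER_PROJECTS",
     "holder": {"type": "userCustomField", "parameter": "customfield_10100"}},
    {"id": 4, "permission": "ADMINISTER_PROJECTS",
     "holder": {"type": "group", "parameter": "jira-administrators"}}]}
]}
""")

RISKY_PERMISSION = "ADMINISTER_PROJECTS"  # permission named in this report
RISKY_HOLDER = "userCustomField"          # holder type for a User Picker field


def find_risky_grants(response):
    """Return every Administer Projects grant whose holder is a user custom field."""
    findings = []
    for scheme in response.get("permissionSchemes", []):
        for grant in scheme.get("permissions", []):
            holder = grant.get("holder") or {}  # tolerate a missing or null holder
            if (grant.get("permission") == RISKY_PERMISSION
                    and holder.get("type") == RISKY_HOLDER):
                findings.append({
                    "scheme_id": scheme.get("id"),
                    "scheme": scheme.get("name"),
                    "grant_id": grant.get("id"),
                    "field": holder.get("parameter"),
                })
    return findings


if __name__ == "__main__":
    for f in find_risky_grants(SAMPLE_RESPONSE):
        print(f"{f['scheme']} (id {f['scheme_id']}): grant {f['grant_id']} "
              f"gives {RISKY_PERMISSION} to {f['field']}")
```

Each finding identifies a scheme and grant to review and remove per the workaround; other permissions granted to the same field are left out because the report covers only Administer Projects.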