Details
-
Bug
-
Resolution: Fixed
-
Low
-
Severity 2 - Major
-
Description
NOTE: This bug report is for JIRA Portfolio Cloud. Using JIRA Portfolio Server? See the corresponding bug report.
Summary
In Plan configuration > Permissions > Plan access. Non-admin users can try to add Viewers and see all users/groups on the instance.
Steps to Reproduce
- Login as non-admin user
- Create a plan
- Go to Plan configuration > permission
- Try add users or groups
Expected Results
- Only groups that the user are belong to should be listed
- Only users that has "Browse Users" in Global Permission should be able to list all users
Actual Results
All users and groups are listed (max 50 on drop down)
Workaround
None
Attachments
Issue Links
- is related to
-
JPOSERVER-1781 Non-admin User Should not be able to see all users/groups in drop down
- Closed