Uploaded image for project: 'ERM Platform'
  1. ERM Platform
  2. ERM-2624

Add view only permissions for Agreement settings



    • ERM Sprint 159, ERM Sprint 160, ERM Sprint 161, ERM Sprint 162, ERM Sprint 163, ERM Sprint 164
    • Bienenvolk
    • Poppy (R2 2023)
    • TBD


      It has been requested to have 'view only' permissions for settings in agreements.

      The way we split down the permission for users in Agreements currently is into four parts:

      • "permissionName": "ui-agreements.generalSettings.manage"
      • "permissionName": "ui-agreements.picklists.manage"
      • "permissionName": "ui-agreements.supplementaryProperties.manage"
      • "permissionName": "ui-agreements.appSettings.manage"

      For consistency we should reflect the same structure for view only:

      • "permissionName": "ui-agreements.generalSettings.view"
      • "permissionName": "ui-agreements.picklists.view"
      • "permissionName": "ui-agreements.supplementaryProperties.view"
      • "permissionName": "ui-agreements.appSettings.view" [*already exists*]

      The existing 'manage' permissions rely on "settings.agreements.enabled" - which grants:

      "subPermissions": [

      Since "settings.agreements.enabled" is not exposed directly to the user (visible=false) we can make changes here without affecting anything else. For logical consistency I would propose:

      1. Update settings.agreements.enabled to only include "module.agreements.enabled" and "settings.enabled"
      2. Add new permission settings.configuration.manage which grants "configuration.entries.collection.get", "configuration.entries.item.put", "configuration.entries.item.post"
      3. Add new permission settings.configuration.view which grants only "configuration.entries.collection.get"
      4. Update the existing ui-agreements.generalSettings.manage setting to additionally grant "settings.configuration.manage" as well as settings.agreements.enabled
      5. Add the three new settings "view" permissions which grant settings.agreements.enabled and, for ui-agreements.generalSettings.view also settings.configuration.view

      ui-agreements.generalSettings.view will need:

      • settings.agreements.enabled
      • settings.configuration.view

      ui-agreements.picklists.view will need:

      • settings.agreements.enabled
      • erm.refdata.view

      ui-agreements.supplementaryProperties.view will need:

      • settings.agreements.enabled
      • erm.custprops.view

      ui-agreements.appSettings.view will need:

      • settings.agreements.enabled
      • erm.settings.read

      Also need to. check the code that displays permissions in the UI as I think we display sections in the settings based on the four "manage" permissions that exist right now. I think the best thing to do would be to replace this with a check for the new equivalent "view" permissions and then update all the "manage" permissions to have the equivalent "view" as a sub permission (the alternative would be to check for either the view OR the manage permission in the code before displaying the section in the UI)

      Interested Parties: sduvvuri  Anya N. Arnold ostephens 

      TestRail: Results


          Issue Links



                ostephens Owen Stephens
                slemon Samuel Lemon
                0 Vote for this issue
                1 Start watching this issue



                  TestRail: Runs

                    TestRail: Cases