Uploaded image for project: 'ui-acquisition-units'
  1. ui-acquisition-units
  2. UIAC-30

settings.acquisition-units.enabled should not include ".all" permissions

    XMLWordPrintable

    Details

    • Template:
    • Sprint:
      ACQ Sprint 117
    • Story Points:
      1
    • Development Team:
      Thunderjet
    • Release:
      R2 2021 Bugfix

      Description

      Summary: The permission-set settings.acquisition-units.enabled is misleadingly named; it also grants write-access via .all permissions:

       92       {
       93         "permissionName": "settings.acquisition-units.enabled",
       94         "displayName": "Settings (acquisition units): display list of settings pages",
       95         "subPermissions": [
       96           "settings.enabled",
       97           "users.collection.get",
       98           "usergroups.collection.get",
       99           "acquisitions-units.units.all",
      100           "acquisitions-units.memberships.all"
      101         ],
      102         "visible": false
      103       },
      

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                Andrei Shumski2 Andrei Shumski
                Reporter:
                zburke Zak_Burke
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases