Uploaded image for project: 'ui-acquisition-units'
  1. ui-acquisition-units
  2. UIAC-30

settings.acquisition-units.enabled should not include ".all" permissions

    XMLWordPrintable

Details

    • ACQ Sprint 117
    • 1
    • Thunderjet
    • R2 2021 Bugfix

    Description

      Summary: The permission-set settings.acquisition-units.enabled is misleadingly named; it also grants write-access via .all permissions:

       92       {
       93         "permissionName": "settings.acquisition-units.enabled",
       94         "displayName": "Settings (acquisition units): display list of settings pages",
       95         "subPermissions": [
       96           "settings.enabled",
       97           "users.collection.get",
       98           "usergroups.collection.get",
       99           "acquisitions-units.units.all",
      100           "acquisitions-units.memberships.all"
      101         ],
      102         "visible": false
      103       },
      

      TestRail: Results

        Attachments

          Issue Links

            Activity

              People

                Andrei Shumski2 Andrei Shumski
                zburke Zak_Burke
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases