ui-organizations / UIORGS-251

permission sets should avoid ".all" permissions

    Details

    • Sprint:
      ACQ Sprint 119
    • Story Points:
      1
    • Development Team:
      Thunderjet
    • Release:
      R2 2021 Bugfix

      Description

      Summary: ui-organizations.basic.view is misleadingly named/overly permissive. It appears to be a "Can view..." permission set but contains write access via two .all permissions:

      {
        "permissionName": "ui-organizations.basic.view",
        "displayName": "Organizations: Basic view",
        "visible": false,
        "subPermissions": [
          "module.organizations.enabled",
          "organizations.organizations.collection.get",
          "organizations.organizations.item.get",
          "organizations-storage.accounts.collection.get",
          "organizations-storage.accounts.item.get",
          "organizations-storage.addresses.collection.get",
          "organizations-storage.addresses.item.get",
          "organizations-storage.agreements.collection.get",
          "organizations-storage.agreements.item.get",
          "organizations-storage.aliases.collection.get",
          "organizations-storage.aliases.item.get",
          "organizations-storage.categories.collection.get",
          "organizations-storage.categories.item.get",
          "organizations-storage.contacts.all",
          "organizations-storage.emails.collection.get",
          "organizations-storage.emails.item.get",
          "organizations-storage.interfaces.all",
          "organizations-storage.phone-numbers.collection.get",
          "organizations-storage.phone-numbers.item.get",
          "organizations-storage.urls.collection.get",
          "organizations-storage.urls.item.get",
          "ui-organizations.third-party-services"
        ]
      },
      

      Acceptance criteria:

      .all permissions are broken up according to the breakdown of organization permissions

      "Organizations: Basic view" includes contacts.get and interfaces.get

      "Organizations: view, edit" includes contacts.get and contacts.put, contacts.post, contacts.delete and interfaces.get and interfaces.put, interfaces.post, interfaces.delete

      "Organizations: view, edit and create" includes contacts.get and contacts.put, contacts.post, contacts.delete and interfaces.get and interfaces.put, interfaces.post, interfaces.delete

      etc...
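
A check of the kind this issue calls for, as an added example (not code from ui-organizations): it scans permission sets for `.all` sub-permissions and for write verbs inside sets labelled view-only. The sample set is an abridged copy of the one quoted above; the function names, rule names and the view-only heuristic are assumptions.

```javascript
// Constructed sample: the permission set quoted in this issue, abridged.
const permissionSets = [
  {
    permissionName: 'ui-organizations.basic.view',
    displayName: 'Organizations: Basic view',
    subPermissions: [
      'module.organizations.enabled',
      'organizations.organizations.collection.get',
      'organizations-storage.contacts.all',
      'organizations-storage.interfaces.all',
      'organizations-storage.urls.item.get',
    ],
  },
];

// Suffixes that grant more than read access. ".all" bundles every verb;
// the other three are the write verbs named in the acceptance criteria.
const WRITE_SUFFIXES = ['.all', '.post', '.put', '.delete'];

// Heuristic (assumption): a set is meant to be read-only when its name or
// display name mentions "view" and does not mention edit/create/delete.
function isViewOnly(set) {
  const label = `${set.permissionName} ${set.displayName || ''}`.toLowerCase();
  return /\bview\b/.test(label) && !/\b(edit|create|delete)\b/.test(label);
}

// Returns one finding per offending sub-permission:
//   all-permission     -> any ".all" grant, in any set
//   write-in-view-set  -> an explicit write verb inside a view-only set
function auditPermissionSets(sets) {
  const findings = [];
  for (const set of sets) {
    const viewOnly = isViewOnly(set);
    for (const sub of set.subPermissions || []) {
      const suffix = WRITE_SUFFIXES.find((s) => sub.endsWith(s));
      if (!suffix) continue;
      if (suffix === '.all') {
        findings.push({ set: set.permissionName, sub, rule: 'all-permission', viewOnly });
      } else if (viewOnly) {
        findings.push({ set: set.permissionName, sub, rule: 'write-in-view-set', viewOnly });
      }
    }
  }
  return findings;
}

console.log(auditPermissionSets(permissionSets));
```

Run against the real `permissionSets` array in a module's package.json, an empty result means no set carries a `.all` grant and no view-only set carries a write verb.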

                People

                Assignee:
                dennisbridges Dennis Bridges
                Reporter:
                zburke Zak_Burke