Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

permission sets should avoid ".all" permissions

Priority

Labels

Environment

None

Template

None

Description

Summary: module.eholdings.enabled is misleadingly named as a "Can view..." permission set but contains write-access to some modules:

Development Team

Spitfire

Release

None

Story Points

Sprint

Checklist

hide

TestRail: Results

Activity

Show:

Maryna Zhuravlova July 9, 2021 at 8:22 AM

Verified. Working as expected.

Zak Burke June 15, 2021 at 4:17 PM

, I don't think I'm the right person to make that call. That said, inadvertently granting permission to create tags seems minor to me.

Digging in a little deeper, I can't actually find kb-ebsco.all defined in a back-end module. It's discussed in a ui-eholdings PR but the only place I actually see that pset being created is in an API test (). If it's truly only created by a test, then it still needs to be changed, but because it's a bogus value that may not be present outside our test env, not because it's a security risk.

Khalilah Gambrell June 14, 2021 at 7:01 PM

, should this be included in Iris Hotfix #2? Or is it okay to address in Juniper?

Done

Details

Assignee

Reporter

Fix versions

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created June 11, 2021 at 3:33 AM
Updated July 19, 2021 at 9:31 AM
Resolved July 9, 2021 at 7:38 PM
TestRail: Cases
TestRail: Runs