Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

permission sets should avoid ".all" permissions

Description

Summary: ui-organizations.basic.view is misleadingly named/overly permissive. It appears to be a "Can view..." permission set but contains write access via two .all permissions:

Acceptance criteria:

.all permissions are broken up according to the breakdown of organization permissions

"Organizations: Basic view" includes contacts.get and interfaces.get

"Organizations: view, edit" includes contacts.get and contacts.put, contacts.post, contacts.delete and interfaces.get and interfaces.put, interfaces.post, interfaces.delete

"Organizations: view, edit and create" contacts.get and contacts.put, contacts.post, contacts.delete and interfaces.get and interfaces.put, interfaces.post, interfaces.delete

etc...

Environment

None

Potential Workaround

None

Attachments

1

Checklist

hide

TestRail: Results

Activity

Show:

Dennis Bridges July 29, 2021 at 1:28 PM

test successful in bugfest-juniper

Dennis Bridges July 23, 2021 at 6:27 PM

Looks awesome thanks!

Mikita Siadykh July 23, 2021 at 2:25 PM

 changes are available on testing env

Mikita Siadykh July 23, 2021 at 4:40 AM

 ah, it's because we removed .all permission and there are no conditions for interfaces and contacts to show/hide actions based on assigned perms. 

it will be fixed in scope of this one

Dennis Bridges July 22, 2021 at 10:15 PM

 in testing I am still able to see and initiate the edit and delete actions for contacts and interfaces with just the view permission. Should these display as inactive or would this require a separate update? I'm not actually able to edit or delete so the permissions seem to be correct. If this needs a separate issue we can resolve this one.

test successful in folio-testing

Done

Details

Assignee

Reporter

Labels

Priority

Story Points

Sprint

Development Team

Thunderjet

Parent

Fix versions

Release

R2 2021 Bugfix

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created June 11, 2021 at 3:42 AM
Updated July 29, 2021 at 1:28 PM
Resolved July 23, 2021 at 6:27 PM
TestRail: Cases
TestRail: Runs