When a policy is created you must define what we call a “Reviewer”
This is one or more user/groups that will be assigned on the review records created by this policy as review, so after you create a policy the review records will be created:
Now two things can happen:
1- i edit the incomplete review (the second) by clicking on the review and then edit
2- i create a new review record (by clicking “add”)
Either way i need to define who is doing the (current) review , eramba by default will show you the user you specified (in #1, not #1)
When we save this review the record gets updated and a new record is created (with the new review date) … now who is suppossed to be the reviewer of this new review? The system should use whatever is specified as “Reviewer” on the parent policy. Well is not:
And that is a bug: https://github.com/eramba/eramba_v2/issues/2371
===== FIX ======
The fix must apply to all three: Policy, Risk and Asset as they all have the review logic … the “reviewer” should be populated as follow:
Policy: use the parent policy “Reviewer”
Risk: use the parent risk “Stakeholder”
Asset: use the parent asset “Owner, Guardian and User” (all three)
We anyway need to fix this in a more profound way … the user needs to be able to choose what they want and the “stakeholder” (in risk) and guardian,owner and user (on assets) might not make sense to them.