Hi eramba community!
We are planning to add a role for a person who will VIEW one of the Compliance Analysis for a specific package and be able to manage Findings for it.
We did:
- Created the group
- Adjusted the role permissions with only these permissions enabled:
  - ComplianceAnalysisFindings/Add
  - ComplianceAnalysisFindings/Delete
  - ComplianceAnalysisFindings/DownloadAttachment
  - ComplianceAnalysisFindings/Edit
  - ComplianceAnalysisFindings/History
  - ComplianceAnalysisFindings/Index
  - ComplianceAnalysisFindings/Restore
  - ComplianceAnalysisFindings/Trash
  - ComplianceManagements/Index
- We made the group one of the Owners of all items of the specific package (at the Compliance Analysis screen)
- Added the user to the group.
It almost worked 100% correctly. The only issue we are having is that the user is able to add Findings to all packages, and the expected behaviour was to see only the package he is one of the owners of.
a) See the list of all packages we have (when adding a finding, in the “Affected Compliance Items” tab → Compliance Package field)
b) Be able to add Findings to packages the user isn’t an owner of, which he isn’t supposed to have access to
c) As a consequence of item “b”, our team might find incorrect findings inside their package analysis.
Sorry for my English, and I hope I was able to describe the issue understandably.
Thanks in advance!
PS: we are using “App Version: c2.8.1 | DB Schema Version: c2.8.1”