Action Items that cannot normally be edited via the UI can be edited if the url is modified.
Steps to Reproduce:
1. Log in as User1
2. Go to Home - Organizer
3. Under the Action Items tab, click on New
4. Enter the required fields and select a different user (User2) to assign the Action Item to
5. Click on Save and Return
6. Login as User2
7. Go to Home - Organizer
8. On the Action Items tab, click on New
9. Enter the required fields and save the Action Item
10. On the Action Items list, open the Action Item that was created by User1 on Steps3-5
Notice that there is no Edit button on the bottom of the Action Item details to edit the Action Item.
11. Copy the internal action item ID from the URL. Example: 5004001
Sample URL: http://<clarityServer>/niku/nu#action:calendar.actionitemDetails&odf_pk=5004001&odf_view=actionitemDetails&cancelAction=calendar.actionItemList
12. Back on the Action Items list, open the Action Item created by User2 on Steps8-9
Notice that this Action Item is editable as the Edit button appears on the the page.
13. Click on the Edit button
14. Replace the action item ID on the URL with the ID of the first action item.
Original URL after clicking on Edit button:
Updated URL with other Action Item ID:
Expected Results: The edit page does not come up for the Action Item that User2 should not be able to edit. No edits are allowed to be saved.
Actual Results: The edit page comes up for the Action Item that was assigned to User2 that he should not be able to edit. Edits made to the Action Item can be saved.
Release : All PPM Releases
Component : CA PPM COLLABORATION (DOC & ACTION ITEMS)
Caused by DE50575
DE50575 is currently under review by engineering for a resolution.
There is currently no way to prevent users from being able to edit action items when the URL is modified in this way. However, audit can be enabled on the Action Item fields to track when unexpected changes are made to the Action Items.