User is prevented from editing a milestone if viewed from a project scope where he only has Viewer access.
1. Create a milestone in a project that you have editor access in and share it with any number of project spaces where you have Editor access.
2. Change the project scoping of Rally to a project where you only have Viewer access while still in the Milestone.
3. Note that all editing is "grayed out" preventing you from editing the Milestone.
Component : AGILE CENTRAL
Once the user navigates to a project they only have view access to, all they can do is VIEW things.
Just think of it this way: If that user ONLY had access to 1 project as Viewer only, this would work the same way. No matter what artifact they pulled up, all they could do would be view the artifact. No editing allowed.
A user should not be able to add a project to a Milestone that the user only has viewer permissions to. The user should receive an error about "Not authorized to update....." when trying to save the Milestone with the "view only" project. (They can add the project in the project list, but they should not be able to save it).
IF someone else adds a project that the user above has only viewer permissions to (and there are other projects where the user has editor permissions also on the Milestone),
A. If the user is currently in an EDIT project, the user can change any fields in the Milestone. That user will be unable to change any projects if any of the projects currently connected to that Milestone are "Viewer" access for that user.
B. If the user above is in a VIEWER project, then the User will be unable to make any changes to that Milestone until he changes his project scoping and refreshes the screen.