Audit is showing all fields which are secured behind subpages to the users who do not have access to those subpages. Is this expected?
Release : Any
Component : CA PPM STUDIO
This is by design. Currently to provide access to users to audit trail on the objects there is the following permission:
Audit Trail - View
If you provide it, the users will be able to see all the audit fields on the objects. This is an Admin permission.
We recommend to only provide this permissions to very few users such as the Clarity administrator of the system.
This permission will provide access to all audited fields on the objects they have access to. We don't have field security in Classic and secured subpages access right is only for subpages/list views and not a field level security.
Field Level Security (FLS) is now being introduced in Modern UX so if you want, when you speak to Product Management, let them know you would like having Audit in Modern UX, controlling the access based on FLS like we do on the other modules.
For now we recommend you to remove this permission from all the users who are not allowed to see sensitive information. You may create custom portlets of the Audit data for them to see only with the data you choose.