Clarity Modern UX Unauthorized access

book

Article ID: 222611

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Clarity Modern UX  Unauthorized access

 

STEPS TO REPRODUCE

 

1. Create a user with the following Global Access Rights

 

 Account Settings - Navigate
 Advanced Reporting - Navigate
 Contract - Navigate
 Contract - View - All
 Custom Object - Navigate
 Menu Links - Navigate
 Menu Links - View - All
 Organizer - Access
 Process - AutoStart - All
 Project Management - Navigate
 Projects - Navigate
 Tasks - Navigate
 

 

2. Access the following Modern UX URL's logging in as the user created in step 1

 

 http://servername/pm/#/projects (No Rows To Show message)
 
 http://servername/pm/#/investments ( No investments available message)

 http://servername/pm/#/admin/settings/branding

 

   
Expected Results: A warning message to indicate the user does not have access

 

Actual Results: The user appears to have access even in all but one of the URL's nothing is available to display

Environment

Release : 15.9.1

Component : CLARITY USERS, GROUPS, OBS ADMINISTRATION

Resolution

This is working as designed:

The rationale is that the UX will not return data in the use case where the user does not have authorization for seeing the data.

The user has been given the 'navigation' access to get into the page and therefore the page indicates that they do not have any rows returned because they don't have access to any data.