Clarity Modern UX Unauthorized access
STEPS TO REPRODUCE
1. Create a user with the following Global Access Rights
Account Settings - Navigate
Advanced Reporting - Navigate
Contract - Navigate
Contract - View - All
Custom Object - Navigate
Menu Links - Navigate
Menu Links - View - All
Organizer - Access
Process - AutoStart - All
Project Management - Navigate
Projects - Navigate
Tasks - Navigate
2. Access the following Modern UX URL's logging in as the user created in step 1
http://servername/pm/#/projects (No Rows To Show message)
http://servername/pm/#/investments ( No investments available message)
http://servername/pm/#/admin/settings/branding
Expected Results: A warning message to indicate the user does not have access
Actual Results: The user appears to have access even in all but one of the URL's nothing is available to display
Release : 15.9.1
Component : CLARITY USERS, GROUPS, OBS ADMINISTRATION
This is working as designed:
The rationale is that the UX will not return data in the use case where the user does not have authorization for seeing the data.
The user has been given the 'navigation' access to get into the page and therefore the page indicates that they do not have any rows returned because they don't have access to any data.