Able to delete ideas without the Idea - Delete - All access right
search cancel

Able to delete ideas without the Idea - Delete - All access right

book

Article ID: 248492

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

User is able to mark ideas for deletion without the Idea - Delete - All access right 

STEPS TO REPRODUCE:
1. Create a user with the following rights:
   Ideas - Navigate
   Idea Management - Navigate
   Idea - Edit - All
2. Login to Clarity as the user above
3. Navigate to the idea list in Classic PPM
4. User is able to select an idea and mark it for deletion
5. Do the same in MUX, select an idea, and notice you are able to mark it for deletion.

Expected Results: User should not be able to mark an idea for deletion without the Idea - Delete - All access right
Actual results: User is able to mark ideas for deletion even with no rights

Additional information: When dealing with projects, the Mark For Deletion button is only available when Project - Delete - All access right is granted

Cause

This was analyzed by Engineering under DE66322

Resolution

The Idea - Edit rights include the delete permission (which is different than CITs). That is why the user is able to mark for deletion those records.

This is per design

Please see the attached matrix that shows the current design of the combination of Delete rights with Edit or View rights for Projects, Ideas, CITs

Attachments

1661785239960__Delete-Permissions-for-Investments-For-KB.pdf get_app