User is able to mark ideas for deletion without the Idea - Delete - All access right
STEPS TO REPRODUCE:
1. Create a user with the following rights:
Ideas - Navigate
Idea Management - Navigate
Idea - Edit - All
2. Login to Clarity as the user above
3. Navigate to the idea list in Classic PPM
4. User is able to select an idea and mark it for deletion
5. Do the same in MUX, select an idea, and notice you are able to mark it for deletion.
Expected Results: User should not be able to mark an idea for deletion without the Idea - Delete - All access right
Actual results: User is able to mark ideas for deletion even with no rights
Additional information: When dealing with projects, the Mark For Deletion button is only available when Project - Delete - All access right is granted
This was analyzed by Engineering under DE66322
The Idea - Edit rights include the delete permission (which is different than CITs). That is why the user is able to mark for deletion those records.
This is per design
Please see the attached matrix that shows the current design of the combination of Delete rights with Edit or View rights for Projects, Ideas, CITs