When creating Tasks by using Copy Task from Template option it is allowing to update Cost Type when user does not have rights.
search cancel

When creating Tasks by using Copy Task from Template option it is allowing to update Cost Type when user does not have rights.

book

Article ID: 408060

calendar_today

Updated On:

Products

Clarity PPM SaaS Clarity PPM On Premise

Issue/Introduction

We are seeing an inconsistency when creating Tasks by using Copy Task from Template option it is allowing to update Cost Type when user does not have rights but not 
when attempting to create task manually in UI or even when updating after creation.
 
Steps to Reproduce: 
 
1. Create a simple process based on task object with start condition on create event.
2. In the start step create system action to update Cost Type to some value.
3. Connect Start to Finish step and validate the process.
4. Login with the user who is not Admin and only have below rights:
a. Project - Edit Management - All
b. Project - Task Management - All
c. Process - AutoStart - All
d. Project - View Management - All
e. Projects - Navigate
f. Resource - Hard Book - All, Resource - Soft Book - All, Resource - View Book - All
5. Navigate to Home->Projects and open one of the projects.
6. Click on Tasks tab and attempt to go to Actions->Copy Task from Template.
7. Choose a task from any of the templates.
8. Once Task is created, check the processes tab and observe process ran and successfully updated Cost Type on the Task even though user does not have rights to do so.
 
Note: same behavior is reproduced in MUX.
 
Expected Results: User was able to update Cost Type via process system action.
 
Actual Results: User should not be able to update Cost Type since they don't have rights.

Environment

Clarity 16.x

Cause

DE174762

Resolution

Not a Defect. Works as Designed. 

When you pick a task that already has the 'Operating' Cost Type, the Process will not do an 'update' on that field because the value is already set to the value of 'Operating' that was defined on the process step.  Therefore, the step passed successfully.

Now if you copy a task that has a different value 'Capital', the process step will try to update it to 'Operating' and that is when it will check the security and generate the message that the field was not updated due to the security authorization check.

Powered by Wolken Software