Clarity: Users with restricted rights are able to see secured attribute values on the 'Select Resource' page
search cancel

Clarity: Users with restricted rights are able to see secured attribute values on the 'Select Resource' page

book

Article ID: 50224

calendar_today

Updated On:

Products

Clarity PPM SaaS Clarity PPM On Premise

Issue/Introduction

Description:

Not authorized user can see secured attributes, despite enable to protect attributes in [Object] - [Resource].
[Resource List] can be protected, but [Select Resource] cannot be protected.

Steps to Reproduce:

  1. Login to Clarity as an administrator user

  2. Admin Tool > Studio: Objects > Resource Object > Attributes

  3. Create a new attribute

  4. Views > Resource Labor Properties > [Layout:Edit]
    Create a new Subpage (mySubpage)
    In the Subpage properties, check / select 'Secured' option
    Add a Section to the new Subpage
    Add the new attribute to the subpage section

  5. Views > Resource List > [Layout]
    Add the new attribute to this list

    Resource List > [Options]

    Attribute Value Protection = 'Use display conditions and secured subpages to protect attribute values on this list'

  6. Views > Select Resource List > [Layout]
    Add the new attribute to this list

    Select Resources List > [Options]

    Attribute Value Protection = 'Use display conditions and secured subpages to protect attribute values on this list'

  7. Admin Tool > Resources > Locate the administrator user
    Global Rights > Select and Add the new subpage security access rights
    Resource mySubpage - Edit All
    Resource mySubpage - View All

  8. Main Application > Resources
    Edit a few Resource Properties to add a value to the new attribute

  9. Return to the Resource List view
    The attribute values can be seen because the Administrator user currently has the right to View/Edit the attribute

  10. Navigate to a Project > Team tab > click 'Add' button
    The attribute values can be seen because the Administrator user currently has the right to View/Edit the attribute

  11. Admin Tool > Resources > Locate the administrator user
    Global Rights > Remove the new subpgate security access rights

  12. Main Application > Resources
    The Resource List View is working as expected, the attribute values do not appear

  13. Navigate to a Project > Team tab > click 'Add' button
    The 'Select Resource' view is not working as expected, the attribute values are appearing when they should not

Expected Result: Only users who have access right can see secured attributes.
Actual Result: All users can see secured attributes.

Solution:

WORKAROUND:

Avoid placing secured attributes on the 'Select Resource' list until this issue is resolved. Direct users to look at the 'Resource List View' for this attribute value to show up or not as expected.

STATUS/RESOLUTION:

This issue is documented as CLRT-54134 and is planned for a Clarity 12 Service Pack.

Keywords: CLARITYKB, CLRT-54134, clarity12open.

Environment

Release: ESPCLA99000-12.1-Clarity-Extended Support Plus
Component:
Powered by Wolken Software