Clarity

  • Private Community

  • 1.  Secured sub page attribute editable in Task Gantt

    Posted Jun 18, 2017 02:23 AM

    Hello All,

    Greetings!!!

     

    I have a question here. I created a Custom attribute on Task Level and placed it in Secured Sub Page. It is not editable from List Layout. But it is editable from Task Gantt layout. In this way.. there is a security breach.

     i have 

    tried removing each right manually and found that Project - Edit Financial – All” was enabling the user to edit the attribute on Gantt.

    What i want to understand is  What about other fields we place on the secured subpages? What about custom attributes? Is attribute value protection completely not working at all on Task level??.

     

    Thanks and Regards,

    Sai.



  • 2.  Re: Secured sub page attribute editable in Task Gantt

    Posted Jun 19, 2017 04:32 PM

    Hi

     

    I'd suggest to log a ticket wit CA support. From your description, it looks like a product defect.



  • 3.  Re: Secured sub page attribute editable in Task Gantt

    Posted Jun 20, 2017 01:30 AM

    Yes . I agree with Aurora.It seems like a product bug.



  • 4.  Re: Secured sub page attribute editable in Task Gantt

    Posted Jun 20, 2017 04:57 AM

    Hi Sai, 


    You can raise a Support case CA Support but as per as I can remember it is true that a resource having Project - Edit Management - All access right will be able to edit any attributes for any project. 

     

    Project - Edit Management - All

    Allows user to edit the general and management properties, staff and tasks for any project that has been enabled for management. This includes the ability to add sub-projects to that project as well as to edit it in Microsoft Project and Open Workbench. This right also allows the user to create processes on any project and to edit the processes that he or she creates.

    But still you can check with CA Support if  it is expected an expected behavior that a resource having the given access right will not require any other access rights to edit an attribute that is placed in the secured subpage. Hope that helps. 

     

    Thanks,

    Abhisek Dhar



  • 5.  Re: Secured sub page attribute editable in Task Gantt

    Posted Jul 04, 2017 01:50 AM

    Hi Abhisek - based on what you have written this would mean that if I have a secured sub-page against say the 'Team' object that the right "Project - Edit Management - All" overrides this sub-page security?

     

    I had raised an idea https://communities.ca.com/ideas/235735450-extend-sub-page-level-security-on-the-team-object-to-extend-to-list-views to address this. But it looks like what you are saying is that I need to remove the "Project - Edit Management - All" right from the relevant groups for the sub-object - sub-page security to take effect.