Starting in New York, moving cards between swim lanes in a Visual Task Board gives a "You do not have the permissions to modify this record" because of list_edit ACL (KB0784383)

Description

Known affected versions:
New York Patch 1

Known unaffected versions:
Madrid Patch 7

Issue Description:
Starting in New York, modifications to Visual Task Boards perform list_edit operations and thus must pass list_edit ACLs. Any restrictions previously intended to limit list editing now also unexpectedly applies to Visual Task Boards.

Steps to Reproduce

Create a list_edit operation ACL on the incident table with the Script: answer=false;
Impersonate an ITIL user (e.g. Beth Anglin)
Navigate to Visual Task Boards and create a new Data Driven(Guided) Task Board on the incident table by the Assigned To field
Attempt to change VTB cards from one lane to another

Results:
Receive Error Message 'You do not have the permissions to modify this record'

Workaround

For the customers already using this as a feature, it can be turned off by creating a system property "glide.vtb.enable_list_edit_acl" and setting it to 'false'.

Related Problem: PRB1367563

Seen In

	New York Patch 1
	New York Patch 1 Hot Fix 1
	SR - IRM - Audit Management - New York 2019 Q3
	SR - IRM - GRC Profiles - Madrid 2019 Q2
	SR - IRM - GRC Workbench - New York 2019 Q3
	SR - IRM - PA Premium Integration - New York 2019 Q3
	SR - IRM - Policy and Compliance - Madrid 2019 Q2
	SR - IRM - Risk Management - New York 2019 Q3
	SR - IRM - Vendor Risk Management - Madrid 2019 Q1
	SR - ITOM - CMDB CI Class Models - 201908
	SR - ITOM - Discovery and Service Mapping - 201908
	SR - ITOM - Discovery and Service Mapping - v1.0.35
	SR - ITOM - Fundamentals Istanbul Jakarta Kingston r1 - v5.99.6
	SR - Security - Integration Framework - Madrid 2019 Q2
	SR - Security - Support Common - Madrid 2019 Q2
	SR - Security - Support Orchestration - Madrid 2019 Q2
	SR - SIR - Have I Been Pwned Integration - New York 2019 Q3
	SR - SIR - Palo Alto AutoFocus Integration - New York 2019 Q3
	SR - SIR - Palo Alto WildFire Integration - New York 2019 Q3
	SR - SIR - PhishTank Kingston r1 - v5.0.9
	SR - SIR - Security Incident Response - Madrid 2019 Q2
	SR - SIR - Splunk Sighting Search Integration - Madrid 2019 Q1
	SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
	SR - SIR - Store Threat Core - Madrid 2019 Q2
	SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
	SR - SIR - Threat intelligence - New York 2019 Q3
	SR - SIR - VirusTotal Integration - New York 2019 Q3
	SR - SIR - WHOIS Integration - New York 2019 Q3
	SR - VR - Qualys - New York 2019 Q3
	SR - VR - Rapid7 - London 2019 Q2 v.6.2.1
	SR - VR - Shodan Exploit - New York 2019 Q3
	SR - VR - Vulnerability Response - New York 2019 Q3
	SR - VR - Vulnerability Response PA Content - Madrid 2019 Q2
	SR Hybrid Analysis Kingston r1 - v5.0.9

Description

Steps to Reproduce

Workaround

Seen In

Associated Community Threads

Article Information

Notifications

Description

Steps to Reproduce

Workaround

Seen In

Associated Community Threads

Article Information