Notifications

267 views

Description

Starting in New York, modifications to Visual Task Boards perform list_edit operations and thus must pass list_edit ACLs. Any restrictions previously intended to limit list editing now also unexpectedly applies to Visual Task Boards.

Steps to Reproduce

  1. Create a list_edit operation ACL on the incident table with the Script: answer=false;
  2. Impersonate an ITIL user (e.g. Beth Anglin)
  3. Navigate to Visual Task Boards and create a new Data Driven(Guided) Task Board on the incident table by the Assigned To field
  4. Attempt to change VTB cards from one lane to another

    Results:
    Receive Error Message 'You do not have the permissions to modify this record'

Workaround

This is expected behaviour. The VTB list_edit feature can be turned off by creating the system property "glide.vtb.enable_list_edit_acl" and setting it to false.


Related Problem: PRB1367563

Seen In

New York Patch 1
New York Patch 1 Hot Fix 1
SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - GRC Workbench - New York 2019 Q3
SR - IRM - PA Premium Integration - New York 2019 Q3
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Risk Management - New York 2019 Q3
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - ITOM - CMDB CI Class Models - 201908
SR - ITOM - Discovery and Service Mapping - 201908
SR - ITOM - Discovery and Service Mapping - v1.0.35
SR - ITOM - Fundamentals Istanbul Jakarta Kingston r1 - v5.99.6
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Have I Been Pwned Integration - New York 2019 Q3
SR - SIR - Palo Alto AutoFocus Integration - New York 2019 Q3
SR - SIR - Palo Alto WildFire Integration - New York 2019 Q3
SR - SIR - PhishTank Kingston r1 - v5.0.9
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Splunk Sighting Search Integration - Madrid 2019 Q1
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - SIR - VirusTotal Integration - New York 2019 Q3
SR - SIR - WHOIS Integration - New York 2019 Q3
SR - VR - Qualys - New York 2019 Q3
SR - VR - Rapid7 - London 2019 Q2 v.6.2.1
SR - VR - Shodan Exploit - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3
SR - VR - Vulnerability Response PA Content - Madrid 2019 Q2
SR Hybrid Analysis Kingston r1 - v5.0.9

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-06-19 11:29:36
Published:2020-05-31