Timesheet visibility restriction doesn't take effect for all defined scenarios

Issue #529 invalid
Former user created an issue

This is related to the issue 453 which I reported some time ago.

For the specification of the visbility restriction this excel sheet was created. The last described scenario (line 27) doesn't seem to work properly. I have the following situation.

Timesheet Configuration

In the timesheet configuration I have chosen a group called Timesheet Auditors in the Timesheet Auditors Group configuration and for the Timesheet Restricted Groups configuration I have selected the group Developers.

Profile Configuration

My profile is member of the Timesheet Auditors and Developers. I am also a member of the Jira-Users group.

Expected Result

I should be able to see timesheets of all user in the Developers group but I shouldn't see the timesheets of members in the Technican group.

Actual Result

I can see the timesheets of developers as expected. But I can also see the timesheets of the technicans which must not be possible.

If the visibilty logic doesn't restrict the logic to the groups from the Timesheet Restricted Groups but instead considers all groups in which a time sheet auditor is member, a possible explanation could be the membership in the super group Jira-Users. Because every developer and technican is a member of this group.

Comments (8)

  1. Andriy Zhdanov

    Hi Moerten,

    It's more important that you have 'Developers' group in 'Timesheet Restricted Groups'. I guess Tehcnicans are also members of Developers group.

    Thank you.

  2. Former user Account Deleted

    My problem is that it should be a combined configuration. Following I describe the requirements for this scenario:

    1. In order to see timesheets of other jira user, a user must be in the Timesheet auditor group.
    2. Timesheet auditors must only see timesheet of groups defined in the 'Timesheet Restricted Groups' and only if he is also part of this group.

    Technicans are part of a different department that's why they are not member of the developer group.

  3. Former user Account Deleted

    I need to correct my last statement. I talked to the configuration manager and indeed technicans are also part of the developer group. Hence, my observation is incorrect.

  4. Log in to comment