Time report & Issue / Project visibility
I have the following scenario:
- Project A is accessible by everyone
- Project B is only visible for let's say me
The security scheme of project A is everyone can do everything.
The security scheme of project B only allows me to do something.
Now I log time on issues in project A and in project B.
Any user now can go to Project A and click "Time Tracking", getting an overview of time logged by all users on the project.
In this list he can click on the name of a user and now he gets the time sheet of that specific user, including the project and issues that should not be visible to him !
Is there a security setting I can set to prevent this rather strange behaviour ?
First I thought it might be caused to the isuue visibility attribute, so I changed this from everyone to a specific project group to which only I am assigned, but this did not change anything.
It would be better in this case to restrict the time sheet to issues related to the project. The reason you click on a name is to see on which issue of the project that user has worked.
Kind regards.
Tom
tomgeens
· 1 |
|
Thursday, July 24, 2008, 5:41:50 PM |