Gemini Community Support Site

This Gemini community support site can be used to find solutions to product issues. You can log in using Open Id, Google Profile and even Facebook. Feel free to ask a question or browse FAQs and documentation. Product tour videos are also available along with how-to videos demonstrating key Gemini capabilities.




Planner Security Bug

admin
usage
security

I have security set up so Developers can move an item in the workflow status from "Coding" to "Development Closed" and from here a Manager can move the status from "Development Closed" to "Testing Opened", if the developer tries to edit the item. They can't change the workflow status.

Once it's at "Testing Opened", the software tester can move the status to Test Planning and Execution, and then to "Testing Passed" or "Testing Failed" and the Manager can then move it back if more work is required.

The Developers and Software Testers cannot change the status other than forward or backwards within the small area of the workflow and this works perfectly when editing an item.

But when they're in the Planner, they can drag the item to any of the workflow areas they don't have rights to. When they right click and edit, it doesn't allow a futher status change, but of course, they've been allowed to change the status with drag and drop.

Is there a fix for this, or a workaround to stop users without rights changing the status of an item?

Thanks, Greg
Greg Martin
· 1 		Greg Martin
Thursday, November 8, 2012, 2:37:09 PM
Replies (5)
helpful
0
not helpful

This is by design, the planner permssion is there for this reason.
Mark Wing
· 9108 		Mark Wing
Thursday, November 8, 2012, 2:45:03 PM
helpful
0
not helpful

Not sure what part of my question this answers.

Are you suggesting then, that the planner completely ignores user security by design? So just don't use the planner? Or have you misunderstood the question and what I see as a bug.

The story: I'm a user who is not allowed to change an item status from "Testing Opened" to "Development Closed" when manually editing it respects the security. Yet, I can use the planner to by pass the security and be allowed to drag the item from "Testing Opened" to "Development Closed".

Surely, it should should only allow me to drop items on to statuses I'm allowed to change an item to in the workflow?
Greg Martin
· 1 		Greg Martin
Thursday, November 8, 2012, 2:55:26 PM
helpful
0
not helpful

The planner is there for a specific way of work. It will ignore workflow security.
Mark Wing
· 9108 		Mark Wing
Thursday, November 8, 2012, 2:57:21 PM
helpful
1
not helpful

There is no specific way of working here Mark, otherwise it would follow the rest of the systems processes.

I would also argue that admiting to designing a "portal" in the system that allows any user to by-pass your security is not coding by design, it's just careless :lol:

Well, it looked useful and impressive, but as it stands, useless. I'll hide it from my users.
Greg Martin
· 1 		Greg Martin
Thursday, November 8, 2012, 3:08:45 PM
helpful
0
not helpful

I agree with Greg. Planner is great tool. The fact it ignores workflow rules just make it much less appealing, if not useless.

Any chance this is changed in the future? What it that "specific way of work" you mention?

Thanks, Daniel
Daniel
· 1 		Daniel
Friday, December 28, 2012, 11:51:58 AM