Affects Version/s: 2.5.1
Fix Version/s: 2.5.1
Security Level: Public (Public: Anyone can view)
KULRICE-2354 KIM Permission Service Test KULRICE-4356 KIM permission for laborEnterpriseFeederFileSetType (FSKD-528) KULRICE-7185 Optimization of KIM Permission Checks KULRICE-6015 Document the various Rice KIM permissions KULRICE-3735 KIM Permission templates are queried from the DB too often KULRICE-4898 Remove org.kuali.rice.kew.web.session.Authentication and calls to it. Replace with KIM permissions. KULRICE-11190 KEW Training: Adding KIM Permission Exercise KULRICE-4566 Permission details can't be modified/created through KIM Permission screen KULRICE-4803 Add unique constraint on KIM permission namespace:name KULRICE-7458 Restore the display of permission/responsibility details on KIM Inquiries
Sprint:Middleware 2.5.1 Sprint 2
KAI Review Status:Not Required
KTI Review Status:Not Required
Code Review Status:Not Required
Include in Release Notes?:Yes
This is related to
KULRICE-13090, where it was desired to create a set of KIM permissions which would allow the following scenario…
A KIM principal receives a Travel Account Maintenance document in its “Action List”, and is able to see the Notes and Attachments section of that document, but is not be able to see the “Download Attachment” button.
Currently, DocumentAuthorizerBase.canViewNoteAttachment() is called, once to authorize for the visibility of the Notes and Attachments section, and once to authorize for the visibility of the “Download Attachment” button. Authorization for the “Download Attachment” button can be based on “attachment type code”, as canViewNoteAttachment() takes that as an optional parameter.
I attempted to get the needed KIM permissions in place, but was unsuccessful. I consulted with Kristina, who provided some additional investigation, and it was decided to write up a Jira case to further investigate the situation.
The goals of this case are …
- Determine the KIM permissions and roles for the above scenario.
- If KIM modifications are required, implement those, if they are minor. Any major KIM changes should first be reviewed by a KIM expert.
- Add an AFT to DemoTravelAccountMaintenanceViewPermissionAft.java to test the scenario.
|Field||Original Value||New Value|
|Fix Version/s||2.5.1 [ 17833 ]|
|Assignee||Jonathan Keller [ jkeller ]|
|Rice Team||Middleware [ 16023 ]|
|Sprint||Middleware 2.5.1 Sprint 2 [ 412 ]|
|Status||Open [ 1 ]||In Progress [ 3 ]|
|Status||In Progress [ 3 ]||Resolved [ 5 ]|
|Resolution||Fixed [ 1 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|