Viewer permissions allow unauthorized batch editing of assets/products and hide Share action for collections

Users with the Viewer role can access the Batch Edit menu for assets and products and modify fields such as Asset Type, Status, etc., which should not be allowed. Additionally, viewers do not see the Share button on the Collection Details page, even though they are permitted to share collections.

Steps to Reproduce:

  1. Log in as a user with the Viewer role.

  2. Navigate to Assets Library or Products and select multiple items.

  3. Observe that Batch Edit options are visible on the Batch Edit menu bar.

  4. Navigate to a Collection Details page.

  5. Observe that the Share button is not visible.

Expected Result:

  • Viewer users cannot see or use Batch Edit options for assets or products.

  • Viewer users can see and use the Share button on the Collection Details page.

Actual Result:

  • Viewer users can access Batch Edit options and modify asset/product fields.

  • Viewer users cannot see the Share button on the Collection Details page.

Status

Completed

Board

🐛 Report an Issue

Tags

Medium Priority

Date

2 months ago

Author

Svitlana
