System allows unauthorized access to worklist assignments
Assignemnts which are assigned to a user can be accessed by a different user.
Steps to Reproduce
- Log in to the application
- Access a different user's worklist through the Dashboard
- Click the assignment link. Application opens the assignment instead of displaying an error message
An issue in the custom application code or rules.
ResolutionHere’s the explanation for the reported behavior:
The managers and administrators have perform access roles so they can access other user assignments.