Solved

Permissions for filters in SOR list view

  • 21 September 2023
  • -
  • -
M
Rank
Badge

Context: I have a user whose global permissions are contributor, but have editor roles for particular programs. When this user uses the SOR list views, they can see all the program objects for their assigned program, but when they attempt to filter by “owner” or “tag”, the option list does not populate.

Example: While working within a project, this user should be able to see all the controls owned by a particular person (all controls are owned by a group, and the person is a part of specific groups). When they try to filter by a particular person, the drop down list of owners is entirely blank. When I try to filter by this same person, I have all persons and groups listed. My colleague, who is a global editor, sees what I see.

icon

Best answer by amanda.koski 27 September 2023, 22:18

View original

3 replies

amanda.koski
Rank
Userlevel 4
Badge +2

Hello @MarkK! Based on your description, it sounds like this is a permissions-related issue involving both global and program-specific roles in ZenGRC.

In ZenGRC, permissions are additive, meaning they're granted rather than limited. At the global level, your user is a contributor, which means they should have the capability to view, edit, or comment on objects they've created or are assigned to. On the program level, they have an editor role, which should allow them to create and update all objects within that specific program.
Your user's issue with not seeing options in the "owner" or "tag" filters may be related to how object-specific permissions interact with both global and program roles. When a user is assigned to an object, they should acquire Write access to that object and Read access to all first-level mapped objects. This could potentially explain the limitation your user is experiencing.

For a more detailed understanding, you might want to visit our article on role-based permissions here: Role-Based Permissions. If your user still encounters difficulties after reviewing this guide, please let us know!

M
Rank
Badge

Thanks for the response, @amanda.koski. I’m wondering if visibility by permissions are somehow applied to people and ownership groups? Because the user is only a contributor, with editor permissions added to see controls, they are unable to see the ownership groups and people in their filters, even though the attached ownership objects show up within the controls. I don’t know how visibility via permissions are taken into account when generating objects within filter settings for other objects.

amanda.koski
Rank
Userlevel 4
Badge +2

Hey @MarkK -
They may have editor access on an object, but that applies to one object.

I think to get to the bottom of this we are going to need a little more information. Our support team is creating a ticket and will be reaching out to shortly. Thank you! 

Reply


Terms & ConditionsCookie settings
I'm not ready yet X