Grant auditor role read-access to security policies
Why is this change being made?
Currently, users of auditor type do not have read-only access to security policies. This change rectifies this by adding the missing permission rule.
Related to #356735 (closed)
How to verify
-
Create a scan result/scan execution policy for some project
-
Create and sign in a new user of type auditor
-
Navigate to the project
-
Observe that the "Policies" navigation element is rendered:
-
Verify that the previously created policy is listed:
-
Verify that the auditor user cannot edit, delete or update policies.
Edited by Dominic Bauer