Open visagansanthanam-unisys opened 10 months ago
I would like to propose that a separate "Download BOM" permission be introduced instead. Uploaded BOMs do not typically have vulnerability information, but the download BOM options allow for vuln data to come with it. We'd like to better control who has access to the more sensitive downloaded BOM files, independently from the upload BOM permission.
Current Behavior
Granting a user the BOM_UPLOAD permission currently does not give the members the ability to download the SBOM. Currently, only the PROJECT_CREATION_UPLOAD permission grants access to download the SBOM.
Steps to Reproduce
Expected Behavior
Both Upload BOM and Download BOM options should be enabled.
Dependency-Track Version
4.9.1
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist