Closed adamg-hmcts closed 1 month ago
github-actions[bot]
commented
1 month ago This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
github-actions[bot]
commented
1 month ago This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Before: CCD search fields are configured by specifying a case field to perform searches against and are available to all user roles by default, but can optionally be specified per role to limit access.
Currently in config generator, when a case field is used in a search field, we grant all user roles read permissions for the case field to ensure they can perform searches, without first checking which roles have permission to view the search field. This introduces the risk of data breaches because some users are given read permissions for case fields they should not have access to.
After: User roles are only granted case field read access on the basis of a search field if they have access to the search field.
Change description
https://tools.hmcts.net/jira/browse/NFDIV-4327