Users are currently permitted to create a new Extra when they specify the extra in a PJ change request line item. This is being done even though we have NOT permitted them to create extras in their security role. This is technically a security issue and should be resolved. In summary, if a users security profile has dissallowed them from creating a new Extra then that user should not be able to create them on the fly anywhere in the software.

by: Stephen B. | over a year ago | 2 Project Management