security by default

Description

I granted this permission editing the 'custom-permissions-mapping.properties' adding profile|User=[flownode_visualization]

I think that this permission should be granted by default because I suppose that will be usually to need access to those kinds of variables from pages and forms.

Environment

Production

Steps to reproduce

design a form that accesses to an activityVariable by API. If the profile is 'administrator' there is no problem but if the profile is 'user' the security API check blocks the access.

Workaround

None

External Link

None

Status

Assignee

Unassigned

Reporter

Javier Sánchez Etchegaray

Reference

None

Components

Affects versions

7.5.4
Configure