PRB: User Without Administrator Rights Can Edit Existing Records (166136)


The information in this article applies to:

  • Microsoft Anomaly Tracking System 1.0, when used with:
    • Microsoft Visual Studio, Enterprise Edition 6.0
This article was previously published under Q166136

SYMPTOMS

When logging on to the Anomaly Tracking System (ATS), a user who does not have Administrator rights can make text and property changes to existing records. These could be records that were entered by other users.

MORE INFORMATION

Every time a change is made to an existing record, the details of the change can be viewed by looking at the History tab of the record. Whenever a change is made to an existing record, the User ID along with the date of the change is listed with the description of the changes.

Steps to Reproduce Behavior

  1. Add a user without Administrator rights to ATS.
  2. Log back into ATS as the new user.
  3. Run the "All Issues" query.
  4. Open one of the existing records shown in the "All Issues" results dialog box.
At this point, any of the text and settings on the Detail, History, or Attributes tabs can be modified. Once any changes have been made, the Save option is enabled.
Modification Type:MinorLast Reviewed:8/11/2005
Keywords:kbprb KB166136
©2004 Microsoft Corporation. All rights reserved.