Read-Only fields during VR false-positive review

mgroversigital · ‎09-26-2023

Hello,

Out-of-box, when a false positive request is made for VR, the system appears to set all fields to read-only and hides the journal fields such as work notes/comments. There is an ask to open up the work notes during the approval process so that approvers can make comments/ask questions before approving/rejecting.

I have checked all of the usual suspects like UI policies, client scripts, data policies, even business rules, and I also don't see anything in the ACL's limiting access. Does anyone know what underlying code is controlling the read-only/hiding work notes while in the 'In Review' stage? I'm looking to see if this can be modified or if I can implement a work-around to open up work notes while in review.

Thanks!

Matt

Saurav11 · ‎09-26-2023

Hello

Can you check the write ACL on sn_vul_app_vulnerability table I see that the write access is provided only when the state is one of below while in review is state 11

Please mark my answer as correct based on Impact.

View solution in original post

Saurav11 · ‎09-26-2023

Hello

Can you check the write ACL on sn_vul_app_vulnerability table I see that the write access is provided only when the state is one of below while in review is state 11

Please mark my answer as correct based on Impact.

mgroversigital · ‎09-26-2023

Hello Saurav,

Yes, it was the write ACL. I think I got tunnel vision because the work notes/additional comments fields got completely hidden, but that makes sense since they're journal fields. I was mostly looking at read ACL's initially. Thanks again!