User Permission Editor: Working location displays in accounts outside the scope of the permission

Bug #2077091 reported by Susan Morrison
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Evergreen | New | Undecided | Unassigned |

Bug Description

3.12

If a user has the ASSIGN_WORK_ORG_UNIT permission (for assigning Working Locations) assigned at the system or branch level and opens the User Permission Editor for an account outside the permission depth, the top org unit of that user's system displays in the Working Locations list.

In testing, I used a BR2 staff account.

System depth test:

1) Log in to an account with the following perms (make sure the EVERYTHING permission is not assigned):

 - VIEW_PERMISSION assigned at depth=0 (stock)
 - ASSIGN_WORK_ORG_UNIT assigned at depth=1

2) Open the User Permission Editor for an account within your system (S1). The correct working locations are displayed (BR1, BR2, SL1).

3) Open the User Permission Editor for an account outside your system (S2). Just your system's top org unit will be in the list (BR1).

Branch depth test:

1) Log in to an account with the following perms:

 - VIEW_PERMISSION assigned at depth=0 (stock)
 - ASSIGN_WORK_ORG_UNIT assigned at depth=2

2) Open the User Permission Editor for an account within your branch (BR2). The correct working locations are displayed (BR2).

3) Open the User Permission Editor for an account outside your branch (BR1). Just your system's top org unit will be in the list (BR1).

4) Open the User Permission Editor for an account outside your system (S2). Just your system's top org unit will be in the list (BR1).

You are still not able to assign a working location for that account because of the perm depth, but ideally, I think you shouldn't see any working locations listed in accounts you can't assign working locations to. ASSIGN_WORK_ORG and VIEW_PERMISSION are both needed to view working locations, so I'm not quite sure if one permission or both are the issue.

This report contains Public information  
Everyone can see this information.
