Dominic Bauer requested to merge 356735-auditor-cannot-see-project-policies into master May 02, 2022

Why is this change being made?

Currently, users of auditor type do not have read-only access to security policies. This change rectifies this by adding the missing permission rule.

Related to #356735 (closed)

How to verify

Create a scan result/scan execution policy for some project
Create and sign in a new user of type auditor
Navigate to the project
Observe that the "Policies" navigation element is rendered:
Verify that the previously created policy is listed:
Verify that the auditor user cannot edit, delete or update policies.

Edited May 03, 2022 by Dominic Bauer