Inherited Permissions are displayed incorrectly for Attributes

[azturner]

Please go through all the tasks below

• [X] Check this box only after you have successfully completed both the above tasks

Please provide a brief description of the problem. Please do not forget to attach the relevant screenshots from your side.

When viewing security settings on a person attribute, it does not show Inherited Permissions from the Attribute entity even though it enforces that inherited permission.

Expected Behavior

If security for person attributes is checking security on the Attribute entity type, it should be reflected when viewing the Security settings for the person attribute.

Actual Behavior

Security on the Attribute entity is used/enforced even though it does not appear in the Inherited Permissions list

Steps to Reproduce

• Go to Admin > Security > Entity Administration
• Edit the Security for the 'Rock.Model.Attribute' Entity and add an Item Permission denying all user's Edit access:

• Go to Admin > General Settings > Person Attributes
• Edit the Security for any person attribute ("Employer" for example)
• Notice the inherited permissions do not show the item permission we just added to the Attribute Entity and it appears that a Rock Admin should be able to edit this attribute.

• Go to a user profile logged in as a Rock Admin
• Try to edit the "Employer" attribute.
• You will not be able to (screenshot is in edit mode for the Employment category)

• If you remove the "All User" Deny item permission from the Attribute Entity's Edit tab, you will be able to edit the attribute on the person profile.

Rock Version

v14.2, v15.0

Client Culture Setting

en-US