These steps are able to bypass the check:
1. Login as Admin
2. Create a new SLA
3. Copy the JSON rest model for the SLA
4. Login as a user who doesn't have access to a feed used by the SLA
5. Call POST /v1/feedmgr/sla with the JSON rest model for the SLA
The call fails with access denied exception.
The call succeeds and the SLA is updated.
The check is also not done for:
good catch.. i will fix the first issue.
The Assessments is a known item. I dont have access checks around that yet
created to track the 1 outstanding issue. Closing this jira