docs/release-notes/v2.4.0.md

# AEGIS Security Dashboard — v2.4.0

**Released:** June 24, 2026

## What's New

- **Team-based data access** — the dashboard now enforces your team assignment at the server level. You will only see findings, compliance data, and CARD assets belonging to your assigned business unit(s). If you don't see data you expect, contact your admin to verify your team assignment.

- **Role-based page access** — pages are now tailored to your role. You'll only see navigation items relevant to your responsibilities:
  - **Read_Only** users see Home and Knowledge Base
  - **Leadership** users additionally see Vuln Triage, Compliance, CCP Metrics, and Exports
  - **Standard_User** users additionally see Jira Tickets and Archer Templates
  - **Admin** users see all pages including the Admin Panel

- **View As (Admin only)** — Admins can now temporarily view the dashboard as any other user by clicking the eye icon in User Management. This shows exactly what that user sees — their pages, their data, their permissions. An amber banner indicates when viewing as another user, with an Exit button to return to your own view.

- **Homepage redesign** — the Home page now features a recent activity feed, tabbed sidebar layout, and drag-and-drop document upload for faster CVE documentation.

- **Secure connections** — the dashboard now supports HTTPS with automatic certificate detection.

## Improvements

- **Compliance uploads** — file size limit increased to 100MB to support larger weekly compliance spreadsheets.
- **Granite Loader on Compliance** — generate Granite Loader Sheets directly from the Compliance page with CARD asset enrichment and pagination.
- **Cleaner activity feed** — administrative system events are no longer shown to non-admin users, reducing noise in the Recent Activity panel.

## Fixes

- **Reporting page toolbar** — the bulk action toolbar no longer disappears when scrolling down the findings list.
- **BU tracking** — resolved an issue where BU reassignment history could log incorrect "previous team" values.

## Notes

- If you have not been assigned a team yet, you will see a message prompting you to contact your administrator. This is expected — your admin needs to set your BU team assignment in User Management for the new data scoping to work.
- Your existing workflows are unchanged. The data you see is now guaranteed to match your team assignment rather than relying on page-level filters.
- Admins: the "View As" feature is useful for verifying a new user's setup before sharing their credentials. It exercises real permission checks — what you see in View As mode is exactly what that user will see.
Add user-facing release notes for v2.4.0 Create docs/release-notes/v2.4.0.md with end-user release notes suitable for email distribution — no code references, plain language, written from the user's perspective. 2026-06-24 16:13:43 -06:00			`# AEGIS Security Dashboard — v2.4.0`

			`Released: June 24, 2026`

			`## What's New`

			`- Team-based data access — the dashboard now enforces your team assignment at the server level. You will only see findings, compliance data, and CARD assets belonging to your assigned business unit(s). If you don't see data you expect, contact your admin to verify your team assignment.`

			`- Role-based page access — pages are now tailored to your role. You'll only see navigation items relevant to your responsibilities:`
			`- Read_Only users see Home and Knowledge Base`
			`- Leadership users additionally see Vuln Triage, Compliance, CCP Metrics, and Exports`
			`- Standard_User users additionally see Jira Tickets and Archer Templates`
			`- Admin users see all pages including the Admin Panel`

			`- View As (Admin only) — Admins can now temporarily view the dashboard as any other user by clicking the eye icon in User Management. This shows exactly what that user sees — their pages, their data, their permissions. An amber banner indicates when viewing as another user, with an Exit button to return to your own view.`

			`- Homepage redesign — the Home page now features a recent activity feed, tabbed sidebar layout, and drag-and-drop document upload for faster CVE documentation.`

			`- Secure connections — the dashboard now supports HTTPS with automatic certificate detection.`

			`## Improvements`

			`- Compliance uploads — file size limit increased to 100MB to support larger weekly compliance spreadsheets.`
			`- Granite Loader on Compliance — generate Granite Loader Sheets directly from the Compliance page with CARD asset enrichment and pagination.`
			`- Cleaner activity feed — administrative system events are no longer shown to non-admin users, reducing noise in the Recent Activity panel.`

			`## Fixes`

			`- Reporting page toolbar — the bulk action toolbar no longer disappears when scrolling down the findings list.`
			`- BU tracking — resolved an issue where BU reassignment history could log incorrect "previous team" values.`

			`## Notes`

			`- If you have not been assigned a team yet, you will see a message prompting you to contact your administrator. This is expected — your admin needs to set your BU team assignment in User Management for the new data scoping to work.`
			`- Your existing workflows are unchanged. The data you see is now guaranteed to match your team assignment rather than relying on page-level filters.`
			`- Admins: the "View As" feature is useful for verifying a new user's setup before sharing their credentials. It exercises real permission checks — what you see in View As mode is exactly what that user will see.`