Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-31014

Add new permission level for changing project lead

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Won't Do
    • None
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Hi Atlassian,

      We have noticed that a project administrator is able to change his project's lead.

      This is a security problem in our opinion since the permission scheme grants special rights (e.g. Delete issue) only to the project admin. This can be bypassed by any administrator today and violates our security policies!

      Also our project charging is based on the project leads cost center, so the charging could be faked to a dummy account.

      If there were some trace regarding the administrators activities the impact for us would not be that high. But the way it is now, is a real security issue for us!

      So we suggest to let just the project lead or jira administrator change the project lead. Or at least have some permission "Change project lead" would also help.

      Please consider fixing this soon! We have customers that have already complained about this.

      Regards,
      Dieter

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-31014 Add new permission level for changing project lead

          • Closed

          Activity

            People

              Unassigned Unassigned
              571a7f401a6f Dieter Greiner
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: