Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-37023

Current Assignee on a security level allows a user creating issues to select these security levels even if that user cannot be assigned

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Let's say you have some security levels set for a particular project, and in some levels there is a Current Assignee permission.

      If a user has the permission to create issues in a project, that user is able to select any issue security level which has the Current Assignee permission, even if the user can't be assigned due to other permissions.
      This holds in the following scenarios:

      1. The user is NOT an Assignable User.
      2. The user is NOT the default assignee as per the project config.

      The user then ends up creating an issue which he/she cannot see due to the other permissions as per above.

      There should be a check for Assignable User before allowing the user to see and select those security levels.

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-37023 Current Assignee on a security level allows a user creating issues to select these security levels even if that user cannot be assigned

          • Closed

          Activity

            People

              Unassigned Unassigned
              dleng Daniel Leng (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: