Suggestion
Resolution: Unresolved
11
Problem Definition
As per "Important notice: Upcoming changes to Jira Cloud REST APIs to improve user privacy", in the future the key and name attributes will be removed from the user object returned in REST API calls.
With that in mind, REST API consumers will only be able to identify users through the accountId, emailAddress (which can be null depending on user privacy) and displayName attributes.
In case the user privacy is set so that the emailAddress is not returned, and the user has changed his display name to something unrelated to him, how can site-admins determine what user they are dealing with just by the accountId?
Suggested Solution
If compliant with the GDPR law, implement an access level on the REST API calls which will recognize the user making the calls as a site-admin and thus return the user email or full name history for better identification.
Current state
The privacy changes have been rolled out and, in the current state, site-admins can see the email information of all users, regardless of their privacy settings, only through the UI.
This means that through the user-related REST endpoints site-admins won't be able to see the email address of users, depending on their privacy settings.
If the email address fetched from Atlassian is being used by any integrations, please refer to the below documentation to get your integration migrated into a Connect app or to use 3LO and thus get access to the specific endpoint to get user email addresses:
Does the user have the ability to decide who they reveal their email to, or just whether it is visible or not? We'd like to request a feature where we can put a setting on our Jira instance that would require a user to reveal their email address to our admin users in order to accept an invitation to join our instance.
So for example, the user receives an email invitation to join the instance and in order to accept it, they have to check a box that says they are allowing their email to be visible to the admin users of the instance.