-
Suggestion
-
Resolution: Unresolved
Problem Definition
The feature is to provide a way for existing users to Requests Access to another product (within the same site) that they don't have access to, and to allow existing users to Request Access for new users.
Note: This feature does not allow users to self signup, but to only request access via an Admin. The existing 'Users can invite other users' checkbox in the Site Access settings, allows a user to invite another user without any Admin approval.
Suggested Solution
Improve Request Access to allow Admins to:
- Configure the 'Grant Access’ button to give access to default groups + custom groups / projects
- Allow admins to receive the notifications in the system, and/or define a particular group to receive the notification (so not all site admins have to receive it)
- Handle duplicate requests for access correctly (i.e. only show one request)
- Remove requests for access if the admin grants access via Groups, the User List or User Details page
- Create an additional option to ignore the request in cases where the administrator does not want to revoke this access forever.
- Provide additional options in the User Invites settings, to allow for more flexibility. e.g. Invites to approved domains without any Access Request ability.
- Ability to disable the access request to products when organisations have a defined process of provisioning access
Currently in development:
- Nothing
Completed:
- Provide a better indicator on the Admin page that there are pending access requests
- Update the "Grant Access" and "Deny Access" buttons to reflect what they actually do, "Approve Request" (which adds the product access) and "Deny Request" (which does nothing to any existing product access, but just denies the request...)
- Fix the pagination issue for large lists of requests
- https://jira.atlassian.com/browse/ID-6651 - Allow notifications to be more flexible for each domain added.
- https://jira.atlassian.com/browse/ID-7692 - Allow admins to turn this off completely if it doesn't fit their approval procedures
- causes
-
- Gathering Interest
- is duplicated by
-
- Closed
- is related to
-
ID-6734 Disabling the _Users can invite others_ tickbox still allows regular users to invite other people
-
- Closed
-
-
- Closed
-
- Gathering Interest
-
- Gathering Interest
-
ENT-1292 Loading...
- relates to
-
-
- Closed
-
-
- Closed
-
- Closed
-
- Closed
-
- Gathering Interest
- depends on
-
- is action for
-
- mentioned in
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[AX-1392] Improve Request Access feature
yes, PLEASE allow Admins the ability to disable the "try/request an application" feature.
Concur with Mike A's comment. Additionally, there are Atlassian products we will not be using (Jira Service Management, for example). Users requesting trials of JSM in our environment is a waste of their time and a waste of the System Admins time. I would like to see the option of being able to block requests for applications we are not using.
Allow users to request whatever Atlassian products they want to trial can get annoying. Sometimes it generates management questions about a particular product that just doesn't fit into our environment. We should at least have an option to indicate 'No' we are not purchasing Jira and prevent future annoying requests for these products.
Karri Adkins comment is spot on. We waste an inordinate amount of time dealing with such requests. As I said earlier, if this feature is enabled, system admins must have the ability to disable self-nominations and the nominations of others.
Honeslty I don't know why this is even a "thing". Why do we even allow requests this method? I will not give users access unless I know for sure they are allowed to have access as we do not give everyone access to everything especially when it impacts cost. Users should be going through proper channels w/i their organization. If I had any option I want to turn this off. I don't want access requests this way. It is a rule of engagement that has zero value for us and wastes my time managing it b/c I can't automatically deny them.
And I never want an JSM Agent inviting another Agent. This is not appropriate. They do not manage cost nor access for our organization nor should they even be allowed to invite users to help desks. Horrible rule of engagment that goes against policy.
Happy New Year, everyone! May it be filled with joy, success, and - who knows - maybe even some miracles. Like Atlassian resolving to fix this bug. We can dream, right?
If this feature is provided, system admins should have control over who can request what and for whom. In other words self-nomination and nomination of others should be allowed or disallowed on an installation-wide basis.
With nothing currently in development by Atlassian to address these issues, we've released an app to put some automation into admins hands to better control product access. With the Admin Automation app, it doesn't matter which invite or user access setting you have turned on, you can automatically remove product access for any user if they're not in one of your 'key' groups. The app will sync users from any group, into any other group, e.g.
- You can remove any user from jira-users-* or confluence-users-*, if they're not in your special 'All users' group. This is a simple and quick way to ensure new users can't get access/invited to any products without being in your 'key' group.
- You can sync an IdP group into any of the Atlassian default product groups.
- You can sync users from the jira-users-* group into the confluence-users-* group, ensuring that Jira users always have access to Confluence as well.
Hopefully it can help some of the people on this thread!
-Kieren
Co-Founder @ Smol Software | Ex-Atlassian
Agree with previous comments, really annoying coming in to emails every day, asking for Atlassian tooling which we don't use and which hasn't been approved.