Bug
Resolution: Not a bug
High
Severity 3 - Minor
1
Issue Summary
Users are able to restrict the visibility of their email address. This is done at https://id.atlassian.com/manage-profile/profile-and-visibility for managed and unmanaged accounts. For managed accounts, the most restrictive setting is only share with me and my administrators. However, the Jira Cloud REST API does not correctly identify which users are organization/site-admins that should have access to user email addresses when calling the /rest/api/3/user endpoint and supplying the accountId.
Steps to Reproduce
- Create a managed user account from a domain, such as example.com
- Using that account visit https://id.atlassian.com/manage-profile/profile-and-visibility and set the email visibility to either "Organization" OR "Only you and admins"
- Using an organization admin account (that might be from a different domain than the one claimed by that org, say domain.com in this instance), confirm that you can see this user's email address in the admin.atlassian.com UI
- Using an admin account, make a REST API GET call to the endpoint GET /rest/api/3/user where you supply the accountId of the account in question
Expected Results
We expect that any site-admin or any organization admin would have the ability to retrieve that user's email address from that specific endpoint. We are aware of the changes rolled out in https://developer.atlassian.com/cloud/jira/platform/profile-visibility/; however, administrators are still expected to be able to access this information. The REST API should honor this privilege based on the user's account permissions.
Actual Results
No email address is returned in the API call, nor is the email field present at all.
{"self":"https://[redacted].atlassian.net/rest/api/3/user?accountId=[redacted]", "accountId":"[redacted]", "accountType":"atlassian", "avatarUrls":{[redacted]}, "displayName":"John Doe", "active":true,"timeZone":"America/Chicago", "locale":"en_US", "groups":{"size":1,"items":[]},"applicationRoles":{"size":1,"items":[]},"expand":"groups,applicationRoles"}
Workaround
Using the REST API:
- Try making the REST API call using a user account from the same email domain as the end user in question
Outside of using the REST API:
- Currently this information is available through the steps in Export users from a site
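Both workarounds can be combined in client code that treats the email field as optional. The following is an added example, not Atlassian code and not part of the original ticket: it reads `/rest/api/3/user` responses, fills in missing addresses from a user export, and flags accounts where a caller from the user's own domain could retry. The sample responses, the export column names `account_id` and `email`, and the function names are constructed assumptions; `emailAddress` is the name of the email field in the Jira Cloud user object.

```python
import csv
import io
import json

# Constructed sample data: two /rest/api/3/user responses (the first lacks the
# email field, as in the ticket) and a user export with assumed column names.
API_RESPONSES = [
    '{"accountId": "acc-001", "displayName": "John Doe", "active": true}',
    '{"accountId": "acc-002", "displayName": "Jane Roe", "active": true,'
    ' "emailAddress": "jane.roe@domain.com"}',
]
EXPORT_CSV = """account_id,email
acc-001,john.doe@example.com
acc-002,jane.roe@domain.com
"""


def load_export(csv_text):
    """Map accountId -> email from the exported user list."""
    return {row["account_id"]: row["email"]
            for row in csv.DictReader(io.StringIO(csv_text))}


def reconcile(api_responses, export, caller_email):
    """Fill in emails the API omitted and flag cross-domain omissions."""
    caller_domain = caller_email.rsplit("@", 1)[1].lower()
    report = []
    for raw in api_responses:
        user = json.loads(raw)
        api_email = user.get("emailAddress")  # optional: may be absent
        email = api_email or export.get(user["accountId"])
        domain = email.rsplit("@", 1)[1].lower() if email else None
        cross_domain = domain is not None and domain != caller_domain
        report.append({
            "accountId": user["accountId"],
            "email": email,
            "source": "api" if api_email else ("export" if email else None),
            # Per the workaround, a caller from the user's own domain can
            # retry the API call instead of relying on the export.
            "retry_with_same_domain_caller": api_email is None and cross_domain,
        })
    return report


if __name__ == "__main__":
    for row in reconcile(API_RESPONSES, load_export(EXPORT_CSV),
                         "admin@domain.com"):
        print(row)
```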
- is related to
ID-7744 Allow site admins to fetch email addresses when using the REST API endpoints to get all users
- In Progress
KIRBY-3947