IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Medium Medium
    • None
    • None
    • None

      Recently Updated or Recently Update Dashboard will display Blog updates even though Space Admin permissions are set to No access to Add or Remove blog. And the Space Home page is also set to View Restrictions. This seems to be a bug that would allow access to blogs when you are trying to lock them down.

      Ideally, Atlassian should consider applying the Page View & Edit Restriction concept to blogs. Similar to CONF-5332 issue, you should be able to set access to certain blogs only. For instance, I have a HR space. We blog all our corporate events and important HR news. However,my HR team cannot post anything that they don't want everyone in the company to see.

      Even if we live within the current security model, we still have the bug with Recent Update list that allow non-approved users access to blog postings.

      I listed as major since any security/permission bug could be very costly to a company.

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

              • Icon: Bug Bug
              • Resolution: Duplicate
              • Icon: Medium Medium
              • None
              • None
              • None

                Recently Updated or Recently Update Dashboard will display Blog updates even though Space Admin permissions are set to No access to Add or Remove blog. And the Space Home page is also set to View Restrictions. This seems to be a bug that would allow access to blogs when you are trying to lock them down.

                Ideally, Atlassian should consider applying the Page View & Edit Restriction concept to blogs. Similar to CONF-5332 issue, you should be able to set access to certain blogs only. For instance, I have a HR space. We blog all our corporate events and important HR news. However,my HR team cannot post anything that they don't want everyone in the company to see.

                Even if we live within the current security model, we still have the bug with Recent Update list that allow non-approved users access to blog postings.

                I listed as major since any security/permission bug could be very costly to a company.

                        Unassigned Unassigned
                        5efcee5eeed0 Stephanie Gallert
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        1 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                            Unassigned Unassigned
                            5efcee5eeed0 Stephanie Gallert
                            Affected customers:
                            0 This affects my team
                            Watchers:
                            1 Start watching this issue

                              Created:
                              Updated:
                              Resolved: