Details
-
Bug
-
Resolution: Duplicate
-
Medium
-
None
-
None
-
None
Description
Recently Updated or Recently Update Dashboard will display Blog updates even though Space Admin permissions are set to No access to Add or Remove blog. And the Space Home page is also set to View Restrictions. This seems to be a bug that would allow access to blogs when you are trying to lock them down.
Ideally, Atlassian should consider applying the Page View & Edit Restriction concept to blogs. Similar to CONF-5332 issue, you should be able to set access to certain blogs only. For instance, I have a HR space. We blog all our corporate events and important HR news. However,my HR team cannot post anything that they don't want everyone in the company to see.
Even if we live within the current security model, we still have the bug with Recent Update list that allow non-approved users access to blog postings.
I listed as major since any security/permission bug could be very costly to a company.
Attachments
Issue Links
- duplicates
-
CONFSERVER-3305 Extend page permissions to work on news
- Closed
