Details
-
Suggestion
-
Resolution: Fixed
-
MS Windows XP SP3
Description
Problem Description
- People page is listing out all users in the FishEye/Crucible instance without permission settings. Anybody can view any others 'easily', this create a privacy issue. E.g. a user's activity shall be visible to his/her project teammates.
Further information from forums
The "People" button in Fisheye 2.0 has brought up privacy and security concerns.
Is it possible to make the People button ether part of a permission scheme, a plug-in that can be disabled, or hack it so that only people "you relate to" are displayed.
The concern is if User A in project 1 knows knows User B is a specialist in Function X, then watching that user will show User A all the spots where Function X is being deployed.
This information could open up cases of increased risk to insider trading etc.
Attachments
Issue Links
- is related to
-
CRUC-2368 People tab can be extremely slow when you have a large number of users
- Closed