[ID-6734] Disabling the _Users can invite others_ tickbox still allows regular users to invite other people

Type: Bug
Resolution: Not a bug
Priority: Low
Component/s: None
Labels:
None

Bug Fix Policy:
View Atlassian Cloud bug fix policy

Issue Summary

Environment

Jira or Confluence Cloud

Steps to Reproduce

Navigate to the User Management area
un-tick the box for Users can invite others
With this functionality disabled, regular users can still invite other people and this invitation will not grant access but send an access request to the site-admins

Expected Results

With this functionality disabled, regular users cannot invite other users at all

Actual Results

Regular users can still invite other users, but these newly invited users will not have access directly granted. An access request will be created for site-admins to approve

Workaround

No workaround available.

relates to

ID-6682 Improve Request Access feature

Future Consideration

mentioned in: Page Failed to load

Form Name

carlos.marin added a comment - 13/Jun/2022 10:24 AM - edited

it seems that this functionality will be disabled here:

https://jira.atlassian.com/browse/ID-6682

Does not make sense that any current user can invite to others (even external to the organization) if the company has other policy to add users to Atlassian products. For example someone has to do the request for a contractor and someone has to approve, before the Jira admin add that people to the site.

That "expected behaviour" should be reconsider.

carlos.marin added a comment - 13/Jun/2022 10:24 AM - edited it seems that this functionality will be disabled here: https://jira.atlassian.com/browse/ID-6682 Does not make sense that any current user can invite to others (even external to the organization) if the company has other policy to add users to Atlassian products. For example someone has to do the request for a contractor and someone has to approve, before the Jira admin add that people to the site. That "expected behaviour" should be reconsider.

Martin Vali added a comment - 06/Apr/2022 2:02 PM

+1 here

Martin Vali added a comment - 06/Apr/2022 2:02 PM +1 here

Karen Waters - External added a comment - 06/Dec/2021 4:26 PM

Terrible feature. Users should not be able to invite users whether it goes to admin or not.

Karen Waters - External added a comment - 06/Dec/2021 4:26 PM Terrible feature. Users should not be able to invite users whether it goes to admin or not.

daniel.sneto added a comment - 11/Aug/2021 5:23 AM

Very bad still today we need to create rules in our mail service because Atlassian cannot allow a simple thing like block invitation, even on SAML verified accounts.

daniel.sneto added a comment - 11/Aug/2021 5:23 AM Very bad still today we need to create rules in our mail service because Atlassian cannot allow a simple thing like block invitation, even on SAML verified accounts.

Daniel Le Lant added a comment - 27/Feb/2020 12:00 PM - edited

Agreed with Leigh. this needs more thought than being closed. You should at least have the ability to disable all invite functionality from base users

Daniel Le Lant added a comment - 27/Feb/2020 12:00 PM - edited Agreed with Leigh. this needs more thought than being closed. You should at least have the ability to disable all invite functionality from base users

leigh.webster added a comment - 14/Jan/2020 11:21 PM

This is a pretty crappy "feature" to be honest and you should be able to switch this off.

We invite specific client contacts to collaborate in our environments. Now they have the ability to invite their friends along and us in IT will start getting random requests to add people we aren't aware of.

leigh.webster added a comment - 14/Jan/2020 11:21 PM This is a pretty crappy "feature" to be honest and you should be able to switch this off. We invite specific client contacts to collaborate in our environments. Now they have the ability to invite their friends along and us in IT will start getting random requests to add people we aren't aware of.

James Henderson added a comment - 07/Feb/2019 9:48 AM - edited

Ah, the good old 'it's not a bug, it's a feature'. Shame.

Can you at least put the user who requested the access on either the notification, or the request?

At the moment, the email we get is as follows (names/emails changed):

'Dave (dave345@gmail.com) wants to join https://<subdomain>.atlassian.net. Check out Dave's profile.

Approve their request to send them an invite. They won't have access until you approve.'

which very much implies that it's an external user that's requested access (and no, we don't and have never had that box ticked).

Maybe this could be something like 'John Davies requested that dave354@hotmail.com be given access ...'? (where 'John Davies' would be one of our employees)

(background - I've been assured by your CS rep that this email was generated from this same 'feature' - so, either the checkbox doesn't work and external users can still request access, or the copy in this email doesn't really reflect what's happened)

James Henderson added a comment - 07/Feb/2019 9:48 AM - edited Ah, the good old 'it's not a bug, it's a feature'. Shame. Can you at least put the user who requested the access on either the notification, or the request? At the moment, the email we get is as follows (names/emails changed): 'Dave (dave345@gmail.com) wants to join https://<subdomain>.atlassian.net. Check out Dave's profile. Approve their request to send them an invite. They won't have access until you approve.' which very much implies that it's an external user that's requested access (and no, we don't and have never had that box ticked). Maybe this could be something like 'John Davies requested that dave354@hotmail.com be given access ...'? (where 'John Davies' would be one of our employees) (background - I've been assured by your CS rep that this email was generated from this same 'feature' - so, either the checkbox doesn't work and external users can still request access, or the copy in this email doesn't really reflect what's happened)

Kieren (Inactive) added a comment - 07/Feb/2019 4:06 AM

Closing this issue, as it's expected behaviour.

If 'Users can invite others' is not ticked, then the user cannot invite other users... Instead they make a request to their Admin to invite another person. The admin can then approve or deny the request.
No email is sent to the new user until the admin approves the request and the new user isn't added to the user base (so they're not billed)
If the admin deny's the request, they can fill in a custom message, and we'll email the user who made the request. Telling them that their request was denied and to contact their admin for further info.
There is no way to turn off the request access function (yet), but there is a feature request for it - https://jira.atlassian.com/browse/ID-6682
The point of this feature is to give users a way to contact their admin, if they want someone else to collaborate with them on their product.

Kieren (Inactive) added a comment - 07/Feb/2019 4:06 AM Closing this issue, as it's expected behaviour. If ' Users can invite others' is not ticked, then the user cannot invite other users... Instead they make a request to their Admin to invite another person. The admin can then approve or deny the request. No email is sent to the new user until the admin approves the request and the new user isn't added to the user base (so they're not billed) If the admin deny's the request, they can fill in a custom message, and we'll email the user who made the request. Telling them that their request was denied and to contact their admin for further info. There is no way to turn off the request access function (yet), but there is a feature request for it - https://jira.atlassian.com/browse/ID-6682 The point of this feature is to give users a way to contact their admin, if they want someone else to collaborate with them on their product.

Assignee:: Unassigned

Reporter:: Claudiu Lionte (Inactive)

Affected customers:: 1 This affects my team

Watchers:: 22 Start watching this issue

Created:: 28/Jan/2019 9:48 AM

Updated:: 13/Jun/2022 10:27 AM

Resolved:: 07/Feb/2019 4:06 AM

Details

Description

Issue Summary

Environment

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: carlos.marin added a comment - 13/Jun/2022 10:24 AM, Edited by carlos.marin - 13/Jun/2022 10:27 AM

Expand comment: carlos.marin added a comment - 13/Jun/2022 10:24 AM, Edited by carlos.marin - 13/Jun/2022 10:27 AM

Collapse comment: Martin Vali added a comment - 06/Apr/2022 2:02 PM

Expand comment: Martin Vali added a comment - 06/Apr/2022 2:02 PM

Collapse comment: Karen Waters - External added a comment - 06/Dec/2021 4:26 PM

Expand comment: Karen Waters - External added a comment - 06/Dec/2021 4:26 PM

Collapse comment: daniel.sneto added a comment - 11/Aug/2021 5:23 AM

Expand comment: daniel.sneto added a comment - 11/Aug/2021 5:23 AM

Collapse comment: Daniel Le Lant added a comment - 27/Feb/2020 12:00 PM, Edited by Daniel Le Lant - 27/Feb/2020 12:01 PM

Expand comment: Daniel Le Lant added a comment - 27/Feb/2020 12:00 PM, Edited by Daniel Le Lant - 27/Feb/2020 12:01 PM

Collapse comment: leigh.webster added a comment - 14/Jan/2020 11:21 PM

Expand comment: leigh.webster added a comment - 14/Jan/2020 11:21 PM

Collapse comment: James Henderson added a comment - 07/Feb/2019 9:48 AM, Edited by James Henderson - 07/Feb/2019 9:59 AM

Expand comment: James Henderson added a comment - 07/Feb/2019 9:48 AM, Edited by James Henderson - 07/Feb/2019 9:59 AM

Collapse comment: Kieren (Inactive) added a comment - 07/Feb/2019 4:06 AM

Expand comment: Kieren (Inactive) added a comment - 07/Feb/2019 4:06 AM

People

Dates