I would expect that the default behavior for adding new users to a Project via the People box would include ONLY users that are already synced through the approved Managed Accounts. It maybe should even be limited to only users that are included in whichever Default User Group is being used for giving Jira Product access.
Having the People adding process prompt the creation of emails has created unwanted users on multiple engagements as well it slows down the People allocation process . By continually throwing in these false emails while I'm trying to parse to determine the proper active users to add to the said project slows down the User Management process, not to mention introduces problems.
The following is an example that actually happened this weekend, during a clients server to cloud migration. But is far too common an occurence.
During the migration, the People section for every Project somehow got stripped out by JCMA so none of the migrated projects had any users. So three site admins had to, by hand, start adding in users into the People's sections for all the projects so we could finish the UAT and get ready for work Monday. However, when I double checked this morning, I saw that where they'd meant to add the Jira User Group, "QA" they had instead created a user named qa@points.com
and another one called qa@adaptavist.com. And those users were spread throughout the projects that were meant to give access to a Group of QA Analysts, but instead two unwanted user accounts were created that weren't wanted or planned.
Now, obviously people need to be careful and double check their work, but as Admins we all know the best way to avoid garage from being introduced into the database is to control how we allow data to be funneled in. This seems like a mistake that on Cloud, that this isn't toggle-able. I would expect on Cloud, where security has been touted as highest priority with the launch of Guard, that it wouldn't be so easy to accidentally add users from outside the organization. Why wouldn't we want this to focus on adding Users from within the Org with higher affinity to adding users from outside. Also, I don't like having to tell clients that we can't turn it off despite it being against their InfoSec policies? This needs to be taken more seriously than it has been.
Thanks
Suggestion
I would expect that the default behavior for adding new users to a Project via the People box would include ONLY users that are already synced through the approved Managed Accounts. It maybe should even be limited to only users that are included in whichever Default User Group is being used for giving Jira Product access.
Having the People adding process prompt the creation of emails has created unwanted users on multiple engagements as well it slows down the People allocation process . By continually throwing in these false emails while I'm trying to parse to determine the proper active users to add to the said project slows down the User Management process, not to mention introduces problems.
The following is an example that actually happened this weekend, during a clients server to cloud migration. But is far too common an occurence.
During the migration, the People section for every Project somehow got stripped out by JCMA so none of the migrated projects had any users. So three site admins had to, by hand, start adding in users into the People's sections for all the projects so we could finish the UAT and get ready for work Monday. However, when I double checked this morning, I saw that where they'd meant to add the Jira User Group, "QA" they had instead created a user named qa@points.com
and another one called qa@adaptavist.com.
And those users were spread throughout the projects that were meant to give access to a Group of QA Analysts, but instead two unwanted user accounts were created that weren't wanted or planned.
Now, obviously people need to be careful and double check their work, but as Admins we all know the best way to avoid garage from being introduced into the database is to control how we allow data to be funneled in. This seems like a mistake that on Cloud, that this isn't toggle-able. I would expect on Cloud, where security has been touted as highest priority with the launch of Guard, that it wouldn't be so easy to accidentally add users from outside the organization. Why wouldn't we want this to focus on adding Users from within the Org with higher affinity to adding users from outside. Also, I don't like having to tell clients that we can't turn it off despite it being against their InfoSec policies? This needs to be taken more seriously than it has been.
Thanks