Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Component/s: User - Role
Labels:
None

Support reference count:
1
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Issue Summary

User access admins can assign product admin roles for Confluence, which potentially allows them to escalate their own privileges and gain access to spaces they should not have access to

Steps to Reproduce

On a site with Jira Software and Confluence, assign the user access admin role to a user for both Jira Software and Confluence.
Login as the user access admin and go to User Management.
Invite another user to the site
Grant the Product admin role for both Jira Software and Confluence.

The Product admin role is allowed to be granted for Confluence but not for Jira

Confluence :

Jira

Suggestion

A user access admin should only be able to manage user access, and not administrator access to the products they are a user access administrator for

Workaround

Do not use the user access administrator role for Confluence, or monitor to ensure any inappropriate use is captured.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Confluence.png
200 kB
07/Apr/2024 11:23 PM
image-2023-11-28-12-27-56-689.png
26 kB
07/Apr/2024 11:23 PM
image-2023-12-11-13-46-02-910.png
200 kB
07/Apr/2024 11:23 PM
Jira.png
185 kB
07/Apr/2024 11:23 PM

Issue Links

is cloned from

ID-8431 User access admins can't assign product admin role for Jira

Gathering Interest

is blocked by: CES-34851 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Andrew Delaney

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Apr/2024 11:23 PM

Updated:: 09/Apr/2024 4:01 AM