Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-31014

Add new permission level for changing project lead

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Won't Do
    • None
    • None
    • None
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Hi Atlassian,

      We have noticed that a project administrator is able to change his project's lead.

      This is a security problem in our opinion since the permission scheme grants special rights (e.g. Delete issue) only to the project admin. This can be bypassed by any administrator today and violates our security policies!

      Also our project charging is based on the project leads cost center, so the charging could be faked to a dummy account.

      If there were some trace regarding the administrators activities the impact for us would not be that high. But the way it is now, is a real security issue for us!

      So we suggest to let just the project lead or jira administrator change the project lead. Or at least have some permission "Change project lead" would also help.

      Please consider fixing this soon! We have customers that have already complained about this.

      Regards,
      Dieter

      Attachments

        Issue Links

          relates to

          Suggestion - JRACLOUD-31014 Add new permission level for changing project lead

          • Closed

          Activity

            People

              Unassigned Unassigned
              571a7f401a6f Dieter Greiner
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: