Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
-
None
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Hi Atlassian,
We have noticed that a project administrator is able to change his project's lead.
This is a security problem in our opinion since the permission scheme grants special rights (e.g. Delete issue) only to the project admin. This can be bypassed by any administrator today and violates our security policies!
Also our project charging is based on the project leads cost center, so the charging could be faked to a dummy account.
If there were some trace regarding the administrators activities the impact for us would not be that high. But the way it is now, is a real security issue for us!
So we suggest to let just the project lead or jira administrator change the project lead. Or at least have some permission "Change project lead" would also help.
Please consider fixing this soon! We have customers that have already complained about this.
Regards,
Dieter
Attachments
Issue Links
- relates to
-
JRACLOUD-31014 Add new permission level for changing project lead
- Closed