Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-34389

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      Regression of JRA-4935

      When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly becomes visible to ALL users(via the project table portlet), if they have any kind of permission to see this project or not.

      So all users can see this project, but can't see any issues within it. Thats not very good, as we want to keep our customers strictly seperated from one another and we have a lot of projects. That would be very confusing if you see lots of projects in your dashboard, but only one or two of them are relevant to you and the rest is empty.

      Workaround to restrict issue view to Reporter and Browse Project to only a specific group of users:
      If a Project is only relevant to one or several groups

      1. Add the related groups to the Role(Users) and remove unrelated groups that shouldn't see the project.
      2. Set Create and Browse permissions for Role(Users). (Remove 'Reporter' from Browse Project permission)
      3. Use Issue level security to restrict viewing to Reporter
        Result: only users in the Role(Users) see the project and Browse only it's own Reported issues.
        Step by step instructions to set Security Level at How to limit user to only browse issues assigned to or reported by them

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              bb13e57032de Gerd Gueldenast
              Votes:
              134 Vote for this issue
              Watchers:
              119 Start watching this issue

              Dates

                Created:
                Updated: