Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-34389

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.




      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.


      Status Update

      Hi everyone,

      We have reviewed the status of this issue and there are not currently plans to fix this bug in Jira Cloud. Extensive analysis over the last couple years has indicated that the complexity of addressing this bug without causing performance degradation for customers using permission schemes with user custom field grants is significant. Based on the number of customers that have actually been affected, we cannot justify the effort required to address it at this time.

      Thanks for your understanding.

      Dave Meyer
      Senior Product Manager, Jira Cloud



      Regression of JRA-4935

      When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly becomes visible to ALL users(via the project table portlet), if they have any kind of permission to see this project or not.

      So all users can see this project, but can't see any issues within it. Thats not very good, as we want to keep our customers strictly seperated from one another and we have a lot of projects. That would be very confusing if you see lots of projects in your dashboard, but only one or two of them are relevant to you and the rest is empty.

      Workaround to restrict issue view to Reporter and Browse Project to only a specific group of users:
      If a Project is only relevant to one or several groups

      1. Add the related groups to the Role(Users) and remove unrelated groups that shouldn't see the project.
      2. Set Create and Browse permissions for Role(Users). (Remove 'Reporter' from Browse Project permission)
      3. Use Issue level security to restrict viewing to Reporter
        Result: only users in the Role(Users) see the project and Browse only it's own Reported issues.
        Step by step instructions to set Security Level at How to limit user to only browse issues assigned to or reported by them


        Issue Links



              Unassigned Unassigned
              bb13e57032de Gerd Gueldenast
              44 Vote for this issue
              59 Start watching this issue