-
Suggestion
-
Resolution: Fixed
-
None
-
0
-
6
-
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
Users shouldn't be suggested on the watcher list if they don't have the 'Browse Project' permission.
Currently, user without any access to JIRA will still be suggested to be a watcher and only be prompted by a 'no permission' message when selected.
- duplicates
-
- Closed
- is related to
-
- Gathering Interest
- relates to
-
- Closed
- supersedes
-
- Closed
[JRACLOUD-39771] Users shouldn't be suggested on the watcher list if they don't have the 'Browse Project' permission
Just cross-posting this message from what I believe is a duplicate feature request:
In a company-managed software project, only users with the Browse Projects project permission will appear in the Watchers dropdown.
In the following example, Morty does have the Browse Projects project permission:
And this is how it appears when I remove Morty's Browse Projects project permission:
Could the watchers of this issue provide steps to reproduce - does this request perhaps only refer to certain project types?
+1 - yeah this is something that would be nice to keep configured. Thank you
I'm a little surprised there's been no activity or feedback from Atlassian on this issue. It seems like a major security issue. We'd like to run multiple Service Desk projects for different clients. And the clients should be fully isolated from each other - no visibility into users from other companies, etc. This bug makes that impossible. Is there a workaround that I'm missing?
As I have not received any responses to this comment I am closing this ticket.
If you disagree with the closing of this ticket, please add a comment here saying why and we can reopen it.