Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Duplicate
Component/s: Project Administration - Fields, Issue Types, and Layouts
Labels:

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

As mentioned in ~~JRA-18076~~ and ~~JRA-23255~~, the predefined group anyone poses security risks in many cases as it exposes projects to unauthenticated users.

I tend to think that in 90% of Jira instances that group has no use and is just a security risk dangling over our heads.

I would suggest an option to enable that group so it is not possible to share a filter or give a permission to anyone unless the group is enabled through that new option.

By default, it should be disabled. This way, administrators who knowingly want to allow anonymous access would need to change the setting, and maybe read some warning (see ~~JRA-18076~~)

is related to

JRASERVER-39912 Add global option "Enable group <anyone>"

Closed

relates to

JRACLOUD-18076 Warn about assigning "Anyone" group in Global and Project permissions

Closed

JRACLOUD-23255 Shared filters are visible to anonymous users when shared with 'Everyone'

Closed

Assignee:: Unassigned

Reporter:: RémiS

Votes:: 12 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 11/Sep/2014 5:28 PM

Updated:: 19/Sep/2019 5:55 AM

Resolved:: 15/Jul/2016 5:08 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates