
      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      Summary

      Regardless of the users/group set in the Create Issue permission of the Project, a user with the "Modify Reporter" permission can set any user as Reporter of the case, even if that user can't create issues in the Project.

      Expected Behavior

      The user with the "Modify Reporter" permission should be able to select only users with the "Create Issue" permission.

      Actual Behavior

      The user with the "Modify Reporter" permission can set any user as Reporter of the issue.
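
A small model of the expected behavior described above, as an added example that is not Atlassian's code: the Reporter picker and the server-side reporter change both resolve "Create Issue" through the project's grants before accepting a user. The class names, the permission labels used as dictionary keys, the grant tuples and all sample users are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    account_id: str
    email: str
    groups: frozenset = frozenset()

@dataclass
class Project:
    key: str
    grants: dict                       # permission -> [("group"|"user"|"role", value)]
    roles: dict = field(default_factory=dict)   # role name -> set of account ids

def has_permission(user, project, permission):
    """Resolve a permission through group, single-user and project-role grants."""
    for kind, value in project.grants.get(permission, []):
        if kind == "group" and value in user.groups:
            return True
        if kind == "user" and value == user.account_id:
            return True
        if kind == "role" and user.account_id in project.roles.get(value, set()):
            return True
    return False

def reporter_candidates(actor, project, directory, query=""):
    """Picker results: only users who could have created the issue themselves."""
    if not has_permission(actor, project, "MODIFY_REPORTER"):
        return []
    return [u for u in directory
            if has_permission(u, project, "CREATE_ISSUES") and query.lower() in u.email.lower()]

def set_reporter(actor, project, issue, new_reporter):
    """Server-side check; filtering the picker alone would not enforce anything."""
    if not has_permission(actor, project, "MODIFY_REPORTER"):
        raise PermissionError("actor lacks Modify Reporter")
    if not has_permission(new_reporter, project, "CREATE_ISSUES"):
        raise PermissionError("new reporter lacks Create Issue in " + project.key)
    return {**issue, "reporter": new_reporter.account_id}

# Constructed sample data: two client organisations sharing one Jira site.
ALICE = User("u-alice", "alice@client-a.example", frozenset({"client-a"}))
BOB = User("u-bob", "bob@client-a.example", frozenset({"client-a"}))
CAROL = User("u-carol", "carol@client-b.example", frozenset({"client-b"}))
DIRECTORY = [ALICE, BOB, CAROL]
PROJ_A = Project("PROJA",
                 grants={"CREATE_ISSUES": [("group", "client-a")],
                         "MODIFY_REPORTER": [("role", "Product Owner")]},
                 roles={"Product Owner": {"u-alice"}})
```

With this data, a picker query by ALICE on PROJ_A returns only the two client-a accounts, and an attempt to set CAROL as reporter is rejected even if her account id is submitted directly.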

            [JRACLOUD-63213] User can add any user from JIRA as reporter

            Anusha Rutnam added a comment -

            Atlassian Update - February 2023

            As per this comment I am closing this ticket.

            If you do not think this issue should have been closed, please add a comment here saying why and we can reopen it.

            Anusha Rutnam added a comment -

            I believe this issue might be a duplicate of JRACLOUD-36896 – Limit User Picker to members of certain groups/roles in System Fields which has more votes.

            I recommend that watchers of this issue vote on and watch the above issue. So that votes aren't split, I believe this ticket should be closed, but I will wait a week before taking any action in case anyone disagrees. Thank you!

            Arturs Kruze added a comment -

            How is this a suggestion? Customers that are using Jira Software to participate as Product Owners now can easily and accidentally see a list of other customers and their email addresses. Data they should not be able to see as that data is almost always under NDAs.

            This is a bug and it affects my team. One of my customers reported this to me.

            Zach McIntyre added a comment -

            This is also an issue for my company whereby we have multiple clients and development teams that should not have visibility of each other.

            This definitely would be worth an examination from a privacy concern.

            James Pickering added a comment -

            Hi

            I recently came across this bug – my thinking is that when you select the project (service desk or software project) the 'Reporter' field should filter down to those with permissions within the project.

            To retain the feature why not offer a check box that allows the full (across all projects) list to be displayed.

            Then whoever is raising the ticket can't accidentally assign the wrong reporter

            re: GDPR

            I think with GDPR this loophole may actually be breaking some rules because you're allowing PII data to be available/viewable to others (in other projects) that maybe shouldn't be able to view those email addresses?

            Example. Would you want a personal email address (thinking customer) or a work email address linked to a project or service desk that that user has no links to or knowledge of --albeit/granted the user has no way of accessing it.

            Maybe it just needs a bit more thought or at least an ability to filter

            John Ashton added a comment -

            See also JRACLOUD-69393.

            I wonder if some of the distinction between a customer and agent in JIRA Service Desk can also be moved into the JIRA Software world. So have public / private notes, watcher + participant, etc.

            Liz Marr added a comment -

            I see a lot of strong opinions here, but I am hoping that the implementation will differentiate.

            For our uses, we absolutely want the reporter to be the person who reported the issue. Regardless of their JIRA access to our project. I don't want this to go away.

            For those complaining about this not being done yet, remember that your use case is not the global use case, and could have negative impact on many other JIRA cloud users.

            Thank you Dave Meyer for thinking critically here.


            kostantin-stambolov added a comment -

            Great, I'm setting my expectations high on this.

            Dave Meyer added a comment -

            Hi kostantin.stambolov2110934825, we do not have a projected timeline for when this would be supported.


            kostantin-stambolov added a comment -

            Hi Dave,

            It's great that you have all agreed to reopen the issue.

            As we all know, there are issues that have stayed open more than 10 years. Simply reopening it to show "action" does not change the situation much.

            What's the commitment to this issue? We know that 1 month has already passed since we have raised it.

              Unassigned
              Andre Quadros Petry (Inactive)
              Votes: 35
              Watchers: 42