
REST API endpoints that return user objects leave email field blank for unmanaged users

      Issue Summary

      Any Jira Cloud REST API endpoint that returns user objects in the JSON response will return a blank email address for any non-managed users. This happens regardless of whether they are set to "Public" or "Private" in the Atlassian Account privacy settings (which do not have the email-address-specific setting for non-managed accounts).

      Steps to Reproduce

      1. Invite an unmanaged user to your instance if one does not already exist
      2. Run /rest/api/3/user/search?query=<email address of user>

      Expected Results

      The returned user object email field is populated with the expected email address

      Actual Results

      The email address field is returned with an empty string as the value

      Workaround

      Currently, there is no workaround.


            [JRACLOUD-72483] REST API endpoints that return user objects leave email field blank for unmanaged users

            Filippo added a comment -

            I am experiencing this issue as well, but only in a few cases. The user did not restrict visibility of the email, yet I get

            "emailAddress":""

            I cannot find the difference with other user profiles which work fine.

            Greg D added a comment -

            Yesterday, this seems to have reverted to blocking portal-only email addresses again.  We believe that it started around 8 hours ago in our instances.  We need to be able to grab the issue.fields.reporter.emailAddress via API.  Users should also be able to see those email addresses in the UI.


            Peter Weinberger added a comment -

            Likely due to settings when testing. Changes have been made since this issue was reported.

            Harry J.E Day 🔓 (Last Day 21st July) (Inactive) added a comment - edited

            Hi ben.slade, greg.draper310998593

            It looks like there is a problem with gsync on your organisation that is causing the problem where users authenticating with different auth mechanisms can't see email addresses. This should be fixed shortly, someone from our identity team is going to reach out to your gsync site admins via email. Apologies for the confusion that has caused.

            Cheers,

            Harry

            Harry J.E Day 🔓 (Last Day 21st July) (Inactive) added a comment -

            Hi ben.slade

            Thanks I will get those accountIds looked at and we can see what's going on there.

            For #1, apologies my reply to Greg was incorrect (there was some confusion internally). If an email address is set to "only me and admins" the email can only be seen by admins in the user management console. You might be able to use the user management API though (https://developer.atlassian.com/cloud/admin/user-management/rest/). My reply to Andrey was correct. Sorry for the confusion.

            Hi akiyanovskiy

            ScriptRunner is a connect app and they run under different rules. I've asked someone from our ecosystem team to reply to you with more information.

            Andrey Kiyanovskiy added a comment -

            Hi Harry,

            Thank you for the information. I think we have an issue with the user we run REST API calls under. User-related events in ScriptRunner can't be run on behalf of a user, only under the ScriptRunner user. But the ScriptRunner user has always been an admin and should have access to all information as admins by default. It looks as if you were asking each and every one of our admin users to sign a legal agreement with Atlassian. Why can't we tell by ourselves who should have admin permissions?

            Ben S added a comment -

            Hi Harry Day,

            In response to your followup questions for Greg above - I can provide answers there. I've just run the same calls and am experiencing the same problems that he is referencing:

            For #3 the user doing the request is AccountID: 557058:5415f2c8-d88a-406c-9746-30f202baf67c (an organization admin user) and the user I'm requesting is AccountID: 5bb37d9ee441cd77203a8c2f (email visibility is set to organization)

            For #1 in your comment back to Greg you said "only organization admins can see email address in rest apis." In both cases we are requesting from an organization Admin user so according to your answer it should return the email address of those users (with visibility set to only admin and me) but it does not.

            It also seems like you told Greg one thing and then told Andrey the opposite with your last sentence in your last comment.

            Harry J.E Day 🔓 (Last Day 21st July) (Inactive) added a comment - edited

            Hi akiyanovskiy

            Replying here so that others looking for information might find it as well.

            We can't include email address in webhooks because webhooks are not authenticated as a user and thus we're legally obligated to only return public data.

            When you make the call to the REST API are you authenticated as a user or a connect app? Connect apps can only get public data unless they apply for an exemption through our legal department (due to GDPR rules).

            You may also be running into the problem that user profile data is eventually consistent. It can take up to 5m for email address to populate. You will be able to tell if this is the case because the user's display name will be "Failed to retrieve user <aid>".

            Finally admins can only get access to "only me and admins" email addresses in user management not the REST API. You might be able to use the user management API if the accounts are all managed accounts (https://developer.atlassian.com/cloud/admin/user-management/rest/#auth)

            Cheers,

            Harry
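Added example, not part of the original thread and not Atlassian code: a client-side check that separates the two empty-email cases described in the comment above, polling only when the display name carries the "Failed to retrieve user" marker and stopping after the 5 minutes mentioned there. The sample user objects, the account ids and the fetch_user callable are constructed for illustration.

```python
import time

# Constructed sample user objects shaped like /rest/api/3/user/search results.
# Account ids and addresses are made up for this example.
SAMPLE_USERS = [
    {"accountId": "aid-1", "displayName": "Alice Example", "emailAddress": "alice@example.com"},
    {"accountId": "aid-2", "displayName": "Failed to retrieve user aid-2", "emailAddress": ""},
    {"accountId": "aid-3", "displayName": "Bob Example", "emailAddress": ""},
    {"accountId": "aid-4", "displayName": "Carol Example"},  # field absent
]

PENDING_PREFIX = "Failed to retrieve user"  # marker quoted in the comment above


def classify_email(user):
    """Return 'present', 'pending' (profile not yet consistent) or 'withheld'."""
    if (user.get("emailAddress") or "").strip():
        return "present"
    if (user.get("displayName") or "").startswith(PENDING_PREFIX):
        return "pending"
    return "withheld"


def resolve_email(fetch_user, account_id, max_wait=300, interval=30, sleep=time.sleep):
    """Poll fetch_user(account_id) while the profile is 'pending'.

    fetch_user is a caller-supplied (hypothetical) function returning one user
    object as a dict. Returns (email_or_None, final_state). A 'withheld' result
    is returned at once: the address is being held back by privacy rules, so
    retrying will not populate it.
    """
    waited = 0
    while True:
        user = fetch_user(account_id)
        state = classify_email(user)
        if state == "present":
            return user["emailAddress"], state
        if state == "withheld" or waited >= max_wait:
            return None, state
        sleep(interval)
        waited += interval
```

An integration that gets "withheld" should treat the address as unavailable through this API for the calling identity rather than as a transient error.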

            Andrey Kiyanovskiy added a comment -

            Hi Harry, it seems like the email address is not available only for just created users in the user_created event handler. Please refer to PSCLOUD-31259.

            Harry J.E Day 🔓 (Last Day 21st July) (Inactive) added a comment - edited

            greg.draper310998593 for your last problem (number 3) could you give me the Atlassian account id of the user doing the request and the user you are requesting? We are looking at options for number 2 and that will be addressed in the JSDCLOUD ticket. For 1 only organisation admins can see email address in rest apis  admins can only see email addresses in the user management console (edited, apologies original response was incorrect)

            akiyanovskiy can I ask more information about your use case as a quick test worked for me, but I may be doing something different:

            • What form of authentication are you using to make the request/is your request being made in a connect app?
            • What are the privacy settings of the user account you are looking up? (and what is the account id)
            • Is the user you are using to do the lookup an organisation admin (and what is their account id). Also are they a managed account in the org?

              Unassigned Unassigned
              jlong@atlassian.com Jared Long
              Affected customers: 31
              Watchers: 36
