-
Suggestion
-
Resolution: Fixed
-
3
-
34
-
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
Hi everyone,
Thanks for voting and commenting on this issue. Your input in the comments helps us understand how this affects you and what you're hoping to accomplish with JIRA.
At this time, this suggestion is not on the JIRA development roadmap. Please remember that jira.atlassian.com is one of many inputs for the JIRA roadmap. You can learn more about our process here.
I understand that our decision may be disappointing. Please don't hesitate to contact me if you have any questions.
Regards,
Dave Meyer
dmeyer@atlassian.com
Product Manager, JIRA Platform
When adding watchers, the user-picker dialog should only show users who have access to the project.
We have multiple projects running on one JIRA installation, and users are generally not allowed on all projects.
Looking through lots of users is a bit painful, and security-wise it might also be bad.
- duplicates
-
- Gathering Interest
- is duplicated by
-
JRACLOUD-79130 Portal-only users can be mentioned using (@), added as Watchers and set as Reporter in Software projects.
-
- Closed
-
-
- Closed
- is related to
-
JRACLOUD-39682
"Assignee" and "reporter" pickers in issue search expose user data
-
- Closed
-
-
- Closed
-
- Gathering Interest
-
- Gathering Interest
- relates to
-
- Closed
-
- Closed
-
- Closed
[JRACLOUD-7776] When adding watchers, the user-picker dialog should only show users who have access to the project.
As I didn't receive any responses to this comment I am closing this ticket.
If you disagree with the closing of this ticket, please add a comment here saying why and we can reopen it.
Hey db76a2fba298 thanks for your response.
I'm just trying to reproduce the issue described here and haven't been able to.
In a company-managed software project, only users with the Browse Projects project permission will appear in the Watchers dropdown.
In the following example, Morty does have the Browse Projects project permission:
And this is how it appears when I remove Morty's Browse Projects project permission:
Could the watchers of this issue provide steps to reproduce - does this request perhaps only refer to certain project types?
This issue is actually more pressing (and much older, and, thus, bitter) than https://jira.atlassian.com/browse/JRACLOUD-36896 was. That being said, I voted on the other one.
This one can expose companies using Jira to financial ruin given the GDPR law. Since May 2018. The possibility of being sued for using an Atlassian product related to this very request has been there for about 55 months now.
I know Atlassian is Australian (maybe they "don't get EU's hard privacy laws"?) and that this issue may not be an easy fix (though it might seem so from user's perspective). But I also know that Australia has some state-of-the-art, pro-consumer laws, so it is especially baffling, since these laws entitle consumers "to a repair, replacement or refund if a product or service they buy doesn't meet one of the basic rights".
Which most likely means that if Australia has it's own privacy law similar to GDPR, then Atlassian, by surely having at least one Australian customer, may be in breach of Australian law, as well as inducing headache to every customer from EU?
Update 5Jan22: I've decided not to close this as a duplicate since JRACLOUD-36896 specifically mentions System Fields (e.g. Reporter and Assignee) whereas this one does not. Watchers of this issue may still wish to vote on JRACLOUD-36896 as well.
I believe this issue is a duplicate of JRACLOUD-36896 – Limit User Picker to members of certain groups/roles in System Fields. Although this issue is older, the above one has more votes.
I recommend that watchers of this issue vote on and watch the above issue. So that votes aren't split, I believe this ticket should be closed, but I will wait a week before taking any action in case anyone thinks both issues should continue to exist. Thank you!
Also +1 from me. GDPR is no joke. One news story implicating Atlassian as the cause of a privacy breach and penalty will make "user interest" in this issue irrelevant to the scores of customers Jira will lose as a result.
And for the Jira employee tasked to close this for not having enough support, PLEASE look at the DOZENS of similar requests closed for "not having enough support" only to force another identical request to be created. I think you are splitting the vote by continually closing requests for this feature rather than getting a true view of your customers' wishes.
If this bug is not resolved and the companies with JIRAs set up do not turn the watchers off, they risk financial penalties (read: ruin) for breaching GDPR EU law if anyone vindictive gets the wind of this.
Atlassian can literally lose their clients (to their bankruptcy) because said clients using an Atlassian product.
13 years later, this is still a problem and wastes lots of time and energy. I'm wondering if Atlassian is a good solution for handling multiple separate project on the same cloud instance.
Gabriel Radic
added a comment - - edited 13 years later, this is still a problem and wastes lots of time and energy. I'm wondering if Atlassian is a good solution for handling multiple separate project on the same cloud instance.
Hello,
As this has now be done for Jira Server JRASERVER-7776 When adding watchers, the user-picker dialog should only show users who have access to the project. - Create and track feature requests for Atlassian products., will it be done für Cloud as well?
Or at least something similar like ID-8128 Limit User Picker to members of certain groups/roles in System Fields in Jira Software and Jira Work Management and JIRA Service Management - Create and track feature requests for Atlassian products.?
Actually we have all our customers (Servicedesk users) available our watcher list of our software projects, which are only internal and where they have no access. So the list is not just overloaded and hard to find the right person, moreover if somebody choose the wrong person, a customer gets an email with informations to an internal issue!