Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-80562

Restrict "/rest/api/2/dashboard" to only users in the instance and not anonymous users

XMLWordPrintable

    • 3
    • 5

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      the customer wants to restrict access to the following API, they don't want the list of dashboards to be public visible

      Get all dashboards
GET /rest/api/2/dashboard

Returns a list of dashboards owned by or shared with the user. The list may be filtered to include only favorite or owned dashboards.

This operation can be accessed anonymously.

Permissions required: None.

Connect app scope required: READ

OAuth scopes required: 
read:jira-work

       

       

      Atlassian
      The public API mentions that: "This operation can be accessed anonymously." 
       
      Please refer to this documentation about the share permissions. Quote from the documentation:

      Public—Public sharing means sharing the dashboard with users who are not logged in to your Jira Cloud site. Note that if you share a dashboard publicly, it will be visible and searchable on the internet. See Prevent or remove public access for more information.

      To prevent or remove the public access, please refer to: Prevent or remove public access 
      To bulk edit dashboards to change permissions via the public API, please refer to: Bulk edit dashboards API. Please note that this API is currently experimental. Or raising a support ticket, our support engineer will be able to help with bulk editing the share permissions.

       
       
       

              Unassigned Unassigned
              bad759000199 Carlos Bodini (Inactive)
              Votes:
              7 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: