Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
0
-
7
-
Description
Behavior:
Currently, if a user has the BROWSE PROJECTS permission in a project but not the BROWSE USERS AND GROUPS global permission, they get a list of users in any user picker fields as well as in the comments of that project.
This was earlier limited to the users who had the global permission, but is now available at the project level, and is governed by the Browse Projects Project permission.
However, this is a security concern for some organisations. The admins explicitly grant the required users Global permission so these selected users get a list of users.
In some cases, they may have external users added to given projects, and these external users must not see the details of all the internal users.
Suggested:
- It would be great to have this functionality restricted to Global permission only.
OR - Have a separate Project permission to allow specified users to view the list of users.