Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-82821

Show users list only if a user has 'Browse Users and Groups' global permission.

    XMLWordPrintable

Details

    • 0
    • 7

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Behavior:

      Currently, if a user has the BROWSE PROJECTS permission in a project but not the BROWSE USERS AND GROUPS global permission, they get a list of users in any user picker fields as well as in the comments of that project.

      This was earlier limited to the users who had the global permission, but is now available at the project level, and is governed by the Browse Projects Project permission.

      However, this is a security concern for some organisations. The admins explicitly grant the required users Global permission so these selected users get a list of users.
      In some cases, they may have external users added to given projects, and these external users must not see the details of all the internal users.

      Suggested:

      1. It would be great to have this functionality restricted to Global permission only.
        OR
      2. Have a separate Project permission to allow specified users to view the list of users.

      Attachments

        Activity

          People

            Unassigned Unassigned
            b32a083f39f1 Karan Sachdev
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: