Non-admin User Should not be able to see all users/groups in drop down

XMLWordPrintable

    • Severity 2 - Major

      NOTE: This bug report is for JIRA Portfolio Cloud. Using JIRA Portfolio Server? See the corresponding bug report.

      Summary

      In Plan configuration > Permissions > Plan access. Non-admin users can try to add Viewers and see all users/groups on the instance.

      Steps to Reproduce

      1. Login as non-admin user
      2. Create a plan
      3. Go to Plan configuration > permission
      4. Try add users or groups

      Expected Results

      • Only groups that the user are belong to should be listed
      • Only users that has "Browse Users" in Global Permission should be able to list all users

      Actual Results

      All users and groups are listed (max 50 on drop down)

      Workaround

      None

              Assignee:
              Albert Kavelar
              Reporter:
              Zul NS [Atlassian] (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: