-
Suggestion
-
Resolution: Unresolved
-
None
-
0
-
4
-
Issue Summary
This is reproducible on Data Center: 
If the user performing the Asana data import process is an organization admin, they can inadvertently add external users to the destination organization with product access to Jira Cloud, as outlined in the following article:
- Import all members: Select if you’d like to import members from your Asana account. If you choose not to import members, all user fields will be unassigned, user mentions in comments will be imported as plain text, and commenter names will change to Anonymous.
This might pose a security issue, as not all users from Asana must be imported into the destination organization or have product access to the destination Jira Cloud instance.
The External System Import feature should display all users to be imported into the destination organization during the Asana data import process and provide an option to ignore users who should not be imported.
Steps to Reproduce
As an organization admin, import data from Asana into Jira Cloud, as described in the following article.
Expected Results
The External System Import feature should display all users to be imported into the destination organization during the Asana data import process and provide an option to ignore users who should not be imported.
Actual Results
All users from Asana are imported into the destination organization, and are granted product access to the destination Jira Cloud instance.
Workaround
Perform the import as a product admin instead of an organization admin. This approach ensures that only users who already exist in the destination organization will be mapped, preventing any new users from being imported into that organization.