Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-10779

Links are viewable to users when the link is to an issue in a project that the user does not have access to

XMLWordPrintable

      If you can view a project, you are able to view all the linked issues as long as you have access/view rights of the linked projects.

      As soon as a link points to an issue that you do not have access rights to, you cannot view the links (or even tell that they are there). This is good and correct functionality. I have attached a screenshot jira-users view.JPG that shows the links that a client can see and a screenshot jira-developers view.JPG that shows the links in the same issue that developers can see. The developers can see all the links.

      The problem comes in when the client views the issue after clicking on the "All" link or "Change History" link. Suddenly, the client can view all the links that have been made in the issue whether they have access rights to those issues or not. Please see Change History shows all links to users.JPG that shows the Change History for the same issue as shown in jira-users view.JPG and you can see that the jira-user can view all the links even though they should only see one of the links.

      In summary, the audit trail (Change History) should only show the links that the user can actually access/view. The other links should be hidden from view.

              Unassigned Unassigned
              2783983b03ed Test
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: