-
Bug
-
Resolution: Duplicate
-
Medium
-
None
-
3.6.2
-
JBoss
-
3.06
-
I am trying to create a permission scheme where a group of users is only allowed to browse an issue if it is assigned to them. By setting "Browse Projects" to "Current Assignee", this accomplishes the goal. The problem is that all projects associated with that permission scheme became visible to jira-users. Jira-users can only see that the project exists and the project leader. This sounds benign, but we have external partners and contractors that should not be able to know what other projects are being pursued. Experimentation revealed that using anything but a group to set "Browse Projects" produces the same undesirable results.
Am learning that Jira Enterprise is configurable to the Nth degree. If there is quick work around besides placing all of the group's issues into one project, please comment on that as well.
- duplicates
-
JRASERVER-8950 "Current Assignee" on Browse Permission creates security hole
- Closed
- is duplicated by
-
JRASERVER-8950 "Current Assignee" on Browse Permission creates security hole
- Closed
- is related to
-
JRASERVER-14424 Separate permissions for issue filtering and project display
- Gathering Interest