-
Suggestion
-
Resolution: Fixed
-
11
-
50
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Assigning anyone to global permissions such as a "Browse user" is a sure way to shoot yourself in the foot inadvertently.
We make a vague mention of it in the documentation
- if you wish to grant the permission to non logged-in users, select 'Anyone' (not recommended for production systems). Note that the 'JIRA Users' permission (i.e. permission to log in) cannot be granted to 'Anyone' (i.e. to non logged-in users) since this would be contradictory.
A worse impact can happen if 'Browse Project' (in Project Permissions page) is misconfigured for 'Anyone'. This may allow public search engine crawlers to index JIRA issues.
We should add an explicit warning on the Global Permissions and Project Permissions page.
Alternatively we could update the wording description like was done in JRA-29503. That is, we could change "Anyone" to "Public" (or "Anonymous and JIRA users").
- is related to
-
JRASERVER-63994 The rest documentation around certain user resources is incorrect with respect to anonymous access and the "Browser User" permission
- Closed
-
JRASERVER-39912 Add global option "Enable group <anyone>"
- Closed
-
SECINT-6999 Loading...
- relates to
-
JRASERVER-71128 Unable to change dashboard/filter ownership if shared to public but Public Sharing is turned off
- Gathering Impact
-
JRACLOUD-18076 Warn about assigning "Anyone" group in Global and Project permissions
- Closed
-
JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'
- Closed
-
MNSTR-3104 Loading...
- was cloned as
-
JRASERVER-74956 Allow admin to disable "Anyone" group in Global and Project permissions
- Gathering Interest
-
RAID-181 Loading...
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
- PIR - Improvement Action
-
PIR-40 Loading...