We received complaints from one of our (external) customers saying that his name was found on the Internet via googling for his name. The hit was found via a JIRA-link on our internal JIRA-system.
When investigating, we found that it was caused by the fact that he had shared filters with restriction "Anyone".
This is not a logical behaviour from JIRA: we don't allow anonymous access to our JIRA, so we assume that nothing is exposed to the Internet. People may for example put information in the title of the filter that should not be exposed to others. As an administrator we don't have the possibility to block this. We can't even change the filters created by others.
The best solution in my opinion, is to modify the "Global Permission":
- Either create a new global permission called e.g. "Browse Filters" that an Administrator can use to block all filters.
- Or use the JIRA-Users permissions to block such Filters.
- Change all the "Shared with the public" filters to "Shared with logged-in users"(Jira version 7.2+):
- Create an XML backup of the instance.
- Stop Jira.
- Run the following query on the database:
- Start Jira.
To update search results a re-index of Jira instance is also required.