Shared filters are visible to anonymous users when shared with 'Everyone'

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

Hi everyone,

We have an update for this issue. Fundamentally, the situation as reported on this suggestion is intended functionality. Sharing a filter or dashboard with "Everyone" is intended as a way to allow users who may not have accounts in your JIRA instance the ability to see certain dashboards or filters, assuming they contain issue data that has also been shared with anonymous users. There are a number of use cases for this and we know that many customers are using JIRA this way today.

That said, we are also very aware that the wording "Everyone" can cause significant confusion, where users do not realize the "Everyone" option means that the dashboard or filter will be visible to unauthenticated users. In certain situations, this can become a security concern. Therefore, we have recently introduced some changes in to mitigate this issue.

New global setting

JIRA administrators can now disable the ability to share dashboards and filters publicly via a new global setting "Public sharing". This setting is available from JIRA Admin > System > General Configuration > Edit Settings. Please note that this will not affect existing filters and dashboards. If you change this setting, you will still need to update existing filters and dashboards if they have already been shared with "Everyone."

"Everyone" is now "Public"

In order to more clearly emphasize the outcome of sharing a dashboard or filter will allow unauthenticated users to see it, we have renamed the "Everyone" setting to "Public" and updated the wording in the UI to be more explicity.

New "All logged-in users" option

We know the intent of many users who selected the "Everyone" option previously was to share the filter with everyone in their organization. We've added a new option "All logged-in users" that is a more understandable way to share a dashboard or filter with all users who have a JIRA account.

Sharing options have been reordered

In order to reduce the likelihood that a user would accidentally choose the "Everyone"/"Public" option without understanding the consequences, we have reordered the sharing options so that "Groups" are the first sharing option in the dropdown menu.

These changes were released to JIRA Cloud in August 2016 and in JIRA Server 7.2.2 to address the concerns laid out in this issue; therefore, we are going to mark it as resolved.

Thanks for your patience.

Dave Meyer
Senior Product Manager, JIRA