Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-28511

Issue linking activity in change history for issues that user has no permission for

XMLWordPrintable

      It seems that a user without access to a certain project, can still see the information on issue linking on the Activity and All Tab.

      To replicate this problem:

      1. Create two projects, Project A and Project B
        • Project A has Browse Permission to Group (Anyone)
        • Project B has Browse Permission to Project Role (Developer)
        • And Project B has linking Permission: Project Role (Developer)
      2. Create a ticket for both projects
      3. A user belongs to the Project Role Developer link an issue from Project A to B
        • User who does not have access to project B should not know about the existence of Project B
      4. The result/action of this issue linking will still be stored on the Activity and All tab

      Tested this behavior on JIRA 4.4.1 and 5.0.5

        1. linkproject.png
          linkproject.png
          150 kB

              Unassigned Unassigned
              isiagian Immanuel Siagian (Inactive)
              Votes:
              5 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: