Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-35107

Granting the 'Browse Project' permissions to 'Reporter' causes the project to be seen by all users


      Steps to reproduce

      • Create a project with and set only 'Reporter' in the 'Browse Project' permission for the project.

      Expected Behavior

      • Atleast, only users who have the 'create issue' permission for the project and/or have already created issues in the project should be able to see it.

      Actual Behavior

      • All logged-in users are actually able to see the project, including users who don't have create issue permissions and are not potentially reporters.
      • They are however not able to see any issues in the project.
      • Removing 'Reporter' from the 'Browse Project' permission, removes any unauthorised access to the project again.

      Other notes:

      • This bug seems to match the exact same behavior as reported for the 'Current Reporter' permission in https://jira.atlassian.com/browse/JRA-34389. However, I have created a seperate bug for it because this documentation clearly states that the 'reporter' permission is different from the 'current reporter' permission. If this is a mistake, I guess the ticket can be closed as such.
      • The obvious workaround ofcourse is not to use 'Reporter' at all in the 'Browse Project Permissions', but the problem with this is that some use-cases need to allow any body who has created an issue in a project to be able to browse the project and atleast access issues they have reported.

            Unassigned Unassigned
            takindele Taiwo Akindele (Inactive)
            0 Vote for this issue
            3 Start watching this issue