Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-37023

Current Assignee on a security level allows a user creating issues to select these security levels even if that user cannot be assigned

    XMLWordPrintable

Details

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Let's say you have some security levels set for a particular project, and in some levels there is a Current Assignee permission.

      If a user has the permission to create issues in a project, that user is able to select any issue security level which has the Current Assignee permission, even if the user can't be assigned due to other permissions.
      This holds in the following scenarios:

      1. The user is NOT an Assignable User.
      2. The user is NOT the default assignee as per the project config.

      The user then ends up creating an issue which he/she cannot see due to the other permissions as per above.

      There should be a check for Assignable User before allowing the user to see and select those security levels.

      Attachments

        Issue Links

          relates to

          Suggestion - JRACLOUD-37023 Current Assignee on a security level allows a user creating issues to select these security levels even if that user cannot be assigned

          • Closed

          Activity

            People

              Unassigned Unassigned
              dleng Daniel Leng (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: