[JRASERVER-39771] Users shouldn't be suggested on the watcher list if they don't have the 'Browse Project' permission

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Issue - View Issue
Labels:
None

UIS:
0
Support reference count:
4
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

Users shouldn't be suggested on the watcher list if they don't have the 'Browse Project' permission.

Currently, user without any access to JIRA will still be suggested to be a watcher and only be prompted by a 'no permission' message when selected.

duplicates

JRASERVER-7776 When adding watchers, the user-picker dialog should only show users who have access to the project.

Gathering Interest

relates to

JRACLOUD-39771 Users shouldn't be suggested on the watcher list if they don't have the 'Browse Project' permission

Closed

supersedes

JRASERVER-38009 Allow the user to be a watcher of an issue without having the browse project permission

Gathering Interest

Karel Bielan added a comment - 10/Mar/2021 9:34 AM

Could you please give me an update regarding solving this issue? Thanks you very much!

Karel Bielan added a comment - 10/Mar/2021 9:34 AM Could you please give me an update regarding solving this issue? Thanks you very much!

ruckyp added a comment - 31/Jan/2018 1:39 PM

Please send me more information about status of this task. Thank you.

ruckyp added a comment - 31/Jan/2018 1:39 PM Please send me more information about status of this task. Thank you.

ruckyp added a comment - 17/Jan/2018 12:42 PM

Could you please give me an update regarding solving this issue? Thanks.

ruckyp added a comment - 17/Jan/2018 12:42 PM Could you please give me an update regarding solving this issue? Thanks.

ruckyp added a comment - 08/Jan/2018 4:44 PM

This is a serious security issue. We can't enable "Browse users" permission for our clients, because it is not acceptable for them to be seen on any "suggested list" by other clients. With this permission disabled, our clients cannot mark other users not just in the wachers list, but also in comments. That is really uncomfortable. Please is there a date when this bug is going to be fixed? It is pretty important for us, thank you.

ruckyp added a comment - 08/Jan/2018 4:44 PM This is a serious security issue. We can't enable "Browse users" permission for our clients, because it is not acceptable for them to be seen on any "suggested list" by other clients. With this permission disabled, our clients cannot mark other users not just in the wachers list, but also in comments. That is really uncomfortable. Please is there a date when this bug is going to be fixed? It is pretty important for us, thank you.

Assignee:: Unassigned

Reporter:: Vincent Chin (Inactive)

Votes:: 15 Vote for this issue

Watchers:: 15 Start watching this issue

Created:: 01/Sep/2014 10:25 AM

Updated:: 13/Aug/2024 2:09 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Karel Bielan added a comment - 10/Mar/2021 9:34 AM

Expand comment: Karel Bielan added a comment - 10/Mar/2021 9:34 AM

Collapse comment: ruckyp added a comment - 31/Jan/2018 1:39 PM

Expand comment: ruckyp added a comment - 31/Jan/2018 1:39 PM

Collapse comment: ruckyp added a comment - 17/Jan/2018 12:42 PM

Expand comment: ruckyp added a comment - 17/Jan/2018 12:42 PM

Collapse comment: ruckyp added a comment - 08/Jan/2018 4:44 PM

Expand comment: ruckyp added a comment - 08/Jan/2018 4:44 PM

People

Dates