Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-39912

Add global option "Enable group <anyone>"

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      As mentioned in JRA-18076 and JRA-23255, the predefined group anyone poses security risks in many cases as it exposes projects to unauthenticated users.

      I tend to think that in 90% of Jira instances that group has no use and is just a security risk dangling over our heads.

      I would suggest an option to enable that group so it is not possible to share a filter or give a permission to anyone unless the group is enabled through that new option.

      By default, it should be disabled. This way, administrators who knowingly want to allow anonymous access would need to change the setting, and maybe read some warning (see JRA-18076)

            Unassigned Unassigned
            eb3f0ea4d27d RémiS
            Votes:
            12 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: