Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-39912

Add global option "Enable group <anyone>"

    XMLWordPrintable

Details

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      As mentioned in JRA-18076 and JRA-23255, the predefined group anyone poses security risks in many cases as it exposes projects to unauthenticated users.

      I tend to think that in 90% of Jira instances that group has no use and is just a security risk dangling over our heads.

      I would suggest an option to enable that group so it is not possible to share a filter or give a permission to anyone unless the group is enabled through that new option.

      By default, it should be disabled. This way, administrators who knowingly want to allow anonymous access would need to change the setting, and maybe read some warning (see JRA-18076)

      Attachments

        Issue Links

          relates to

          Suggestion - JRACLOUD-39912 Add global option "Enable group <anyone>"

          • Closed

          Suggestion - JRASERVER-18076 Warn about assigning "Anyone" group in Global and Project permissions

          • Closed

          Suggestion - JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'

          • Closed

          Activity

            People

              Unassigned Unassigned
              eb3f0ea4d27d RémiS
              Votes:
              12 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: