-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
2
-
11
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Currently granting the Browse Users permission will allow users to browse for ALL users in the JIRA instance.
This should be configurable to allow browsing of users from certain groups only. For example, in a JIRA instance with multiple companies involved, users from one company can only browse for users in their own company, thus allowing them to use the Issue Navigator to look for issues from users in their own company. (with auto-complete, of course)
- is related to
-
- Closed
- relates to
-
- Under Consideration
- mentioned in
-
Page Failed to load
[JRASERVER-40283] Browse Users permission configurable to restrict browsing of users to specific groups
As our use of Jira Server expands, there is more casual information in the system. We support collaboration but would like to empower project managers more control in the scope of the information about the members of their project. This would be an absolute requirement in any move to Jira Cloud.
Hi,
no update since a long time here.
The focus from Atlassian is now more to force Server customers to upgrade to DC or migrate to cloud 
Maybe we get this fixed in DC, but Server, I doubt this will be done.
Sad to see how Atlassian changed over time, now they focus on profit.
Forgetting about the customers up to 500 users, making them big in the past.
This trend was already visible since 1-2 years, as most of the new cool features came for cloud, not all for DC and much less for Server.
But back to topic:
As workaround, we implemented for a customer, hosting Jira in a DMZ, that login and fullname are not showing any details of the real name.
If possible, this Jira instance will be replaced by a custom solution in future.
Stay healthy!
merry christmas and a happy new year!
Hello everyone,
like many other Atlassian users, as can be seen publicly from several forums, this feature has a special urgency for many users.
Have you heard any news lately about when and if this feature request will be implanted?
Does anyone of you know a suitable AddOn that could provide a workaround?
Thanks a lot and stay healthy! 
Should be implemented. Very needful for big Jira Services with a lot of different customers
^ I am wondering the same.
How has this not been resolved since 2014, what is the timeline for this fix?
Yes I confirm. We have a lot of Jira instances with a lot of projects from different customers. We cannot expose users from another customers ! We are therefore obliged to restrict the functionalities of JIRA, which is a pity...
Topic becomes more and more a problem for some of our customers. Regarding DSGVO/GDPR there is no proper argument why to expose users from other projects.
Any plan to fix this in Jira Server in the near future?
Hello,
This beahaviour can be considered as security threat as it can lead to data leak, as JS users can access JSM customers data, that can be sensistive and out of their scope.
we are currently listing all the screens and API "at risk"
See https://support.atlassian.com/requests/PSSRV-117982
I hope this will help the product team to consider this request