-
Type:
Suggestion
-
Resolution: Unresolved
-
None
-
Component/s: Security
-
3
-
22
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Currently, even if a user is not logged into JIRA, he/she will still be able to access the Issue Navigator using the URL: http://<JIRA_URL>/issues/?jql=/.
Steps to reproduce:
- Setup a JIRA instance.
- Try to go to the Issue Navigator URL (for example: http://localhost:8080/issue/?jql=)
- Even if you are not logged in, you will still be able to see the issue navigator.
There are customers who share their filters with everyone, and having the Issue Navigator URL publicly accessible allows for any user to browse those filters and see the filter owner name, for instance.
Although this is the expected behaviour, it would be helpful to have the possibility of restricting access to the Issue Navigator (e.g. in the General Settings) so that anonymous users are redirected to a login page.
- relates to
-
JRASERVER-34914 Issue Navigator Accessible by anonymous users.
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
- Gathering Interest
-
- Gathering Interest
-
- Gathering Interest
-
- Under Consideration