Empty REST API result return for User without Browse Users permission

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 6.4.14, 7.2.1
    • Component/s: REST API
    • 6.04
    • 2
    • Severity 3 - Minor

      Summary

      User A who do not have permission to Browse Users but have Administrator and/or System Administrator will have REST API result return empty. As an example of the json data return:

      []

      Steps to Reproduce

      1. Create User A
      2. Gives User A permission to Administrator and System Administrator
      3. Ensure User A do not have permission to Browse Users
      4. Login as User A
      5. Go to http://localhost:49748/jira721/rest/api/2/user/permission/search?permissions=PROJECT_ADMIN&projectKey=DEMO&username=

      Expected Results

      Error suggesting User A do not have permission to Browse Users

      Actual Results

      The response is:

      []

      Known affected REST API

      • /rest/api/2/user/permission/search
      • /rest/api/2/user/search
      • /rest/api/2/user/viewissue/search

      Workaround

      Add User A to Browse Users permission so that REST API return results

              Assignee:
              Unassigned
              Reporter:
              Zul NS [Atlassian] (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: