Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Fix Version/s: 9.11.0, 9.12.0, 9.11.1, 9.11.2
Component/s: Email notifications, System Administration - Global Permissions
Labels:
- DC-150

UIS:
2
Current Status:

Hide

Atlassian Update – 21 Sep 2023

Thank you for reporting this issue. In the last weeks we have been working hard on fixing it.

Summary of the problem:

It was not possible to use @mention picker by users without Browse Users global permission.

New behaviour after the change:

The @mention picker ignores the Browse Users global permission and checks Browse Projects project permission instead to decide whether it should be visible for the current user and which users should be displayed.

You can learn more about the change in its section on Preparing for Jira 9.11 page.

Status of the fix and Fix Version:

The fix is ready, and we’re moving the status of this ticket to Waiting for release with Fix Version 9.11.x and 9.12.0.

Kind regards,

Kamil Bar
Jira DC Software Engineer

Show
Atlassian Update – 21 Sep 2023 Thank you for reporting this issue. In the last weeks we have been working hard on fixing it. Summary of the problem: It was not possible to use @mention picker by users without Browse Users global permission. New behaviour after the change: The @mention picker ignores the Browse Users global permission and checks Browse Projects project permission instead to decide whether it should be visible for the current user and which users should be displayed. You can learn more about the change in its section on Preparing for Jira 9.11 page. Status of the fix and Fix Version: The fix is ready, and we’re moving the status of this ticket to Waiting for release with Fix Version 9.11.x and 9.12.0 . Kind regards, Kamil Bar Jira DC Software Engineer
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

My request is to be able to mention without requiring to assign the "Browse Users" global permission. JRASERVER-7467 asks to restrict the browse users permission to project users, which would resolve our issue, because then we would be able to assign "Browse Users" global permission to all our customers with no information leakage.

However, JRASERVER-7467 has been parked because it is very difficult to solve. It is difficult to decide exactly which users to show and which users to hide. Therefore, I request to track the mention subproblem separately, because it is much easier to solve: show the users which can browse the issue you are mentioning on - just like JIRA already does.

Attachments

Issue Links

is related to

JRASERVER-7467 Show only users with project access rights in Find Issues-User Browser

Future Consideration

ENT-822 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(6 mentioned in)

Activity

People

Assignee:: Kamil Bar

Reporter:: Akmal Harith (Inactive)

Votes:: 75 Vote for this issue

Watchers:: 44 Start watching this issue

Dates

Created:: 19/Mar/2019 9:15 AM

Updated:: 26/Jan/2024 7:57 AM

Resolved:: 05/Oct/2023 1:34 PM