Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-69026

Ability to @mention user without 'Browse Users' global permission

XMLWordPrintable

    • 2
    • Hide
      Atlassian Update – 21 Sep 2023

      Thank you for reporting this issue. In the last weeks we have been working hard on fixing it.

      Summary of the problem:

      It was not possible to use @mention picker by users without Browse Users global permission.

      New behaviour after the change:

      The @mention picker ignores the Browse Users global permission and checks Browse Projects project permission instead to decide whether it should be visible for the current user and which users should be displayed.

      You can learn more about the change in its section on Preparing for Jira 9.11 page.

      Status of the fix and Fix Version:

      The fix is ready, and we’re moving the status of this ticket to Waiting for release with Fix Version 9.11.x and 9.12.0.

       

      Kind regards,

      Kamil Bar
      Jira DC Software Engineer

      Show
      Atlassian Update – 21 Sep 2023 Thank you for reporting this issue. In the last weeks we have been working hard on fixing it. Summary of the problem: It was not possible to use @mention picker by users without Browse Users global permission. New behaviour after the change: The @mention picker ignores the Browse Users global permission and checks Browse Projects project permission instead to decide whether it should be visible for the current user and which users should be displayed. You can learn more about the change in its section on Preparing for Jira 9.11 page. Status of the fix and Fix Version: The fix is ready, and we’re moving the status of this ticket to Waiting for release with Fix Version 9.11.x and 9.12.0 .   Kind regards, Kamil Bar Jira DC Software Engineer
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      My request is to be able to mention without requiring to assign the "Browse Users" global permission. JRASERVER-7467 asks to restrict the browse users permission to project users, which would resolve our issue, because then we would be able to assign "Browse Users" global permission to all our customers with no information leakage.

      However, JRASERVER-7467 has been parked because it is very difficult to solve. It is difficult to decide exactly which users to show and which users to hide. Therefore, I request to track the mention subproblem separately, because it is much easier to solve: show the users which can browse the issue you are mentioning on - just like JIRA already does.

              f5e0e0ab36de Kamil Bar
              aharith Akmal Harith (Inactive)
              Votes:
              75 Vote for this issue
              Watchers:
              44 Start watching this issue

                Created:
                Updated:
                Resolved: