Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
0
-
Description
Summary
Users by default have the option to choose the default Sharing setting for when they create new filters and dashboards, which can be either shared with all other users ( Public ) or restricted in their User Profile.
Use of this option means that any external clients in the Jira instance can see the names of filters etc which may well be completely irrelevant to them or even business-confidential.
This is because for e.g. any filter shared with 'any logged in user', client users can see the name of the filter. If this name includes e.g. other client names then this is potentially business-damaging.
Due to this, it is important for Jira Admin to have the ability to remove that option from user's profile to avoid any security breach.
Workaround
It's possible, although unsupported, to alter the style and hide the "Shared" option from the user preference page with this snippet in the Announcement Banner:
<!-- Custom CSS to hide the "Shared" option on Users profile (JRASERVER-69095) --> <style> #update-user-preferences #update-user-preferences-sharing option:nth-child(1) { display: none; } </style>
Please read of the caveats and tradeoffs of such customizations on How to customize Jira with JavaScript and CSS.
Always test such customizations on a non-Prod instance first and validate thoroughly if no other feature's been compromised in your instance.
Attachments
Issue Links
- relates to
-
- Gathering Interest