Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-7776

When adding watchers, the user-picker dialog should only show users who have access to the project.

    • 11
    • 19
    • Hide
      Atlassian Update – 30th June 2023

      Thank you for reporting this issue. In the last weeks we have been working hard on fixing it.

      Summary of the problem:
      When adding watchers, the user-picker dialog should only show users who have access to the project.
      New behaviour after the change:
      Only users who have access to the project will show in watcher user-picker dialog.
      Status of the fix and Fix Version:

      The fix is ready, and we’re moving the status of this ticket to Waiting for release with Fix Version 9.11.

       
      Best regards,
      Konrad Plasota
      Software Engineer

      Show
      Atlassian Update – 30th June 2023 Thank you for reporting this issue. In the last weeks we have been working hard on fixing it. Summary of the problem: When adding watchers, the user-picker dialog should only show users who have access to the project. New behaviour after the change: Only users who have access to the project will show in watcher user-picker dialog. Status of the fix and Fix Version: The fix is ready, and we’re moving the status of this ticket to Waiting for release with Fix Version 9.11 .   Best regards, Konrad Plasota Software Engineer
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      When adding watchers, the user-picker dialog should only show users who have access to the project.

      We have multiple projects running on one JIRA installation, and users are generally not allowed on all projects.
      Looking through lots of users is a bit painful, and security-wise it might also be bad.

          Form Name

            [JRASERVER-7776] When adding watchers, the user-picker dialog should only show users who have access to the project.

            David Yu added a comment -

            Piotr, some of us are still using add-ons that allow us to use Watchers in Security Levels. In any case, we had to use an nginx rewrite rule to revert back to the old behavior for us.

             

             

            David Yu added a comment - Piotr, some of us are still using add-ons that allow us to use Watchers in Security Levels. In any case, we had to use an nginx rewrite rule to revert back to the old behavior for us.    

            1be02dd9cac8 Watchers can't be added to an issue security level, a workaround is necessary. Cf. JRASERVER-5982.

            Piotr Janik added a comment - 1be02dd9cac8 Watchers can't be added to an issue security level, a workaround is necessary. Cf. JRASERVER-5982 .

            For me, this is not a consistent solution. The ticket view does filter for authorized users now.

            If I open the "Manage Watcher" view in the menu "More->Watchers", I unfortunately still see users without authorization for the project.

            Patrick Dieringer added a comment - For me, this is not a consistent solution. The ticket view does filter for authorized users now. If I open the "Manage Watcher" view in the menu "More->Watchers", I unfortunately still see users without authorization for the project.

            David Yu added a comment -

            Curious how will this impact customers that are using Watchers along with Issue Security Schemes? We add users to private tickets via watchers to enable them access. They do not have access to the ticket, but do have access to the project.

            David Yu added a comment - Curious how will this impact customers that are using Watchers along with Issue Security Schemes? We add users to private tickets via watchers to enable them access. They do not have access to the ticket, but do have access to the project.

            We have a total of over 20000 users in the IDM, of which a maximum of 250 can act as watchers. The auto-completion is thus almost ineffective! You almost always have to enter your full name to get a real match. Such a nice help (the auto-completion!) becomes useless with it.

            Klaus Krehbiel added a comment - We have a total of over 20000 users in the IDM, of which a maximum of 250 can act as watchers. The auto-completion is thus almost ineffective! You almost always have to enter your full name to get a real match. Such a nice help (the auto-completion!) becomes useless with it.

            manuher2 added a comment -

            This feeture would be very usefull and I don't think it would be so difficult to implement it !

            Please consider the currently windows is very poor and "refusing" people who do not have access, after adding them is not very easy to use.

            It would be great to propose only people who have access to the project.

            manuher2 added a comment - This feeture would be very usefull and I don't think it would be so difficult to implement it ! Please consider the currently windows is very poor and "refusing" people who do not have access, after adding them is not very easy to use. It would be great to propose only people who have access to the project.

            We still hope that this ticket will be solved while it is a teenager... Currently sixteen years, right time to be prioritized.

            Lazar Markovic added a comment - We still hope that this ticket will be solved while it is a teenager... Currently sixteen years, right time to be prioritized.

            Denis Prus added a comment -

            Still actual issue, is there any plans for solution?

            Denis Prus added a comment - Still actual issue, is there any plans for solution?

            GDPR+1, i filled the same issue as bug: GHS-176556

            Martin Sebesta added a comment - GDPR+1, i filled the same issue as bug: GHS-176556

            We've had this feature enabled and we've just realised that we have customers seeing other customers details. This is not a nice to have feature but essential. We've disabled the feature and now we have screaming customers. This put us in direct violation of GDPR. Please can you get this working.

            martin.abbott added a comment - We've had this feature enabled and we've just realised that we have customers seeing other customers details. This is not a nice to have feature but essential. We've disabled the feature and now we have screaming customers. This put us in direct violation of GDPR. Please can you get this working.

              Unassigned Unassigned
              f284acb162f1 Jeppe Øland
              Votes:
              337 Vote for this issue
              Watchers:
              242 Start watching this issue

                Created:
                Updated: