Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-8689

Turn off dashboard customisability for different groups and/or different dashboards

    • 2
    • 3
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Atlassian Update - 23 April 2015

      Hi everyone,

      Thanks for voting and commenting on this issue. Your input in the comments helps us understand how this affects you and what you're hoping to accomplish with JIRA.

      At this time, this suggestion is not on the JIRA development roadmap. Please remember that jira.atlassian.com is one of many inputs for the JIRA roadmap. You can learn more about our process here.

      I understand that our decision may be disappointing. Please don't hesitate to contact me if you have any questions.

      Regards,
      Dave Meyer
      dmeyer@atlassian.com
      Product Manager, JIRA Platform

      It would be nice to be able to turn off the ability to customise dashboards for certain groups and/or different dashboards. That way certain groups could have a default dashboard that can't be edited but in JIRA Enterprise, they could add another dashboard that they could edit but not be able to edit the default dashboard.

      Also, certain groups could edit the default dashboard where as other users could not.

            [JRASERVER-8689] Turn off dashboard customisability for different groups and/or different dashboards

            Angela added a comment -

            Hi all,

            You might want to check out Dashboard Folders for Jira which allows Jira admin to restrict specific user groups from creating dashboards.

            Hope it will be useful to you!

            Angela added a comment - Hi all, You might want to check out Dashboard Folders for Jira  which allows Jira admin to restrict specific user groups from creating dashboards. Hope it will be useful to you!

            Ok - so my assumptions were correct. Atlassian support helped me to confirm the behavior described above and created a ticket for it:

            https://jira.atlassian.com/browse/JRA-62663

            I really hope this or the new Issue gets more attention now.

            Carsten Decker added a comment - Ok - so my assumptions were correct. Atlassian support helped me to confirm the behavior described above and created a ticket for it: https://jira.atlassian.com/browse/JRA-62663 I really hope this or the new Issue gets more attention now.

            Carsten Decker added a comment - - edited

            Am I correct to assume that ...

            • The activitiy stream gadget shows confluence updates regardless of project / space permissions
            • System gadgets like activitiy stream can not be disabled completely
            • Any user can create personal dashboards containing the (unfiltered) activity stream gadget
            • Atlassian does not take care of security concerns raised here
            • This issue is 11 years (!!!) old

            ?

            Carsten Decker added a comment - - edited Am I correct to assume that ... The activitiy stream gadget shows confluence updates regardless of project / space permissions System gadgets like activitiy stream can not be disabled completely Any user can create personal dashboards containing the (unfiltered) activity stream gadget Atlassian does not take care of security concerns raised here This issue is 11 years (!!!) old ?

            wes herzik added a comment -

            Dave, Jason Woods is correct that a user can still create a custom dashboard and see Bamboo and Tempo activity. This is not a nice to have feature but a serious overlook by jira and a security issue. With all the hackneyed and customization features in Jira why this isn't possible just dummy downs the system to personal agile system that can't be used across enterprises and teams.

            wes herzik added a comment - Dave, Jason Woods is correct that a user can still create a custom dashboard and see Bamboo and Tempo activity. This is not a nice to have feature but a serious overlook by jira and a security issue. With all the hackneyed and customization features in Jira why this isn't possible just dummy downs the system to personal agile system that can't be used across enterprises and teams.

            Hi Dave

            The user can still customise their own non shared dashboard though and see the entire Bamboo activity for linked applications irrelevant of their permissions.

            See BAM-15160

            This is all a big mess.

            Jason

            Jason Woods added a comment - Hi Dave The user can still customise their own non shared dashboard though and see the entire Bamboo activity for linked applications irrelevant of their permissions. See BAM-15160 This is all a big mess. Jason

            Dave Meyer added a comment -

            Hi w.herzik,

            You can use the Create Shared Objects global permission to restrict which users can create a dashboard.

            Dave Meyer
            Product Manager, JIRA

            Dave Meyer added a comment - Hi w.herzik , You can use the Create Shared Objects global permission to restrict which users can create a dashboard. Dave Meyer Product Manager, JIRA

            wes herzik added a comment -

            Indeed why is it impossible to restrict users from creating a dashboard. For the Activity Stream to 'show all' is a security issue.

            wes herzik added a comment - Indeed why is it impossible to restrict users from creating a dashboard. For the Activity Stream to 'show all' is a security issue.

            This is critical as a workaround for BAM-15160

            Jason Woods added a comment - This is critical as a workaround for BAM-15160

            Awful, awful, awful decision. With all of the customiz-ability of the app, and one gets many hours into a customization project, to find out the certain user groups can simply create a dashboard that circumvents all of the many, many settings and controls that exist and have been used to create the right permissions 'scheme' to coin a jiraphrase??? Poor decision. Very poor. And I mean, on my part for choosing JIRA to manage projects in my organization.

            Brian Bishop added a comment - Awful, awful, awful decision. With all of the customiz-ability of the app, and one gets many hours into a customization project, to find out the certain user groups can simply create a dashboard that circumvents all of the many, many settings and controls that exist and have been used to create the right permissions 'scheme' to coin a jiraphrase??? Poor decision. Very poor. And I mean, on my part for choosing JIRA to manage projects in my organization.

            I think It's essential include in permission scheme, that only some groups or users can create dashboard, because the gadgets show confidential information's stadistics about project's state. Really, I'm disappointed about this cuestion, I belive it's a big security hole because I'm a administrator that can't configure permissions about create dashboards, so anyone user associated to project can see all information about this project creating dashboard. I believe that should be included in the next version as soon as possible.

            María José Mateos Rojas added a comment - I think It's essential include in permission scheme, that only some groups or users can create dashboard, because the gadgets show confidential information's stadistics about project's state. Really, I'm disappointed about this cuestion, I belive it's a big security hole because I'm a administrator that can't configure permissions about create dashboards, so anyone user associated to project can see all information about this project creating dashboard. I believe that should be included in the next version as soon as possible.

              Unassigned Unassigned
              ben@atlassian.com BenjaminA
              Votes:
              105 Vote for this issue
              Watchers:
              60 Start watching this issue

                Created:
                Updated: