-
Suggestion
-
Resolution: Unresolved
-
None
-
2
-
3
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Hi everyone,
Thanks for voting and commenting on this issue. Your input in the comments helps us understand how this affects you and what you're hoping to accomplish with JIRA.
At this time, this suggestion is not on the JIRA development roadmap. Please remember that jira.atlassian.com is one of many inputs for the JIRA roadmap. You can learn more about our process here.
I understand that our decision may be disappointing. Please don't hesitate to contact me if you have any questions.
Regards,
Dave Meyer
dmeyer@atlassian.com
Product Manager, JIRA Platform
It would be nice to be able to turn off the ability to customise dashboards for certain groups and/or different dashboards. That way certain groups could have a default dashboard that can't be edited but in JIRA Enterprise, they could add another dashboard that they could edit but not be able to edit the default dashboard.
Also, certain groups could edit the default dashboard where as other users could not.
- is duplicated by
-
- Closed
-
- Closed
-
- Closed
- is related to
-
- Closed
-
- Closed
-
- Closed
- relates to
-
- Closed
-
- Closed
-
- Closed
-
- Closed
- mentioned in
-
Page Loading...
[JRASERVER-8689] Turn off dashboard customisability for different groups and/or different dashboards
Ok - so my assumptions were correct. Atlassian support helped me to confirm the behavior described above and created a ticket for it:
https://jira.atlassian.com/browse/JRA-62663
I really hope this or the new Issue gets more attention now.
Am I correct to assume that ...
- The activitiy stream gadget shows confluence updates regardless of project / space permissions
- System gadgets like activitiy stream can not be disabled completely
- Any user can create personal dashboards containing the (unfiltered) activity stream gadget
- Atlassian does not take care of security concerns raised here
- This issue is 11 years (!!!) old
?
wes herzik
added a comment - Dave, Jason Woods is correct that a user can still create a custom dashboard and see Bamboo and Tempo activity. This is not a nice to have feature but a serious overlook by jira and a security issue. With all the hackneyed and customization features in Jira why this isn't possible just dummy downs the system to personal agile system that can't be used across enterprises and teams.
wes herzik
added a comment - Dave, Jason Woods is correct that a user can still create a custom dashboard and see Bamboo and Tempo activity. This is not a nice to have feature but a serious overlook by jira and a security issue. With all the hackneyed and customization features in Jira why this isn't possible just dummy downs the system to personal agile system that can't be used across enterprises and teams. Hi Dave
The user can still customise their own non shared dashboard though and see the entire Bamboo activity for linked applications irrelevant of their permissions.
See BAM-15160
This is all a big mess.
Jason
Hi w.herzik,
You can use the Create Shared Objects global permission to restrict which users can create a dashboard.
Dave Meyer
Product Manager, JIRA
wes herzik
added a comment - Indeed why is it impossible to restrict users from creating a dashboard. For the Activity Stream to 'show all' is a security issue.
wes herzik
added a comment - Indeed why is it impossible to restrict users from creating a dashboard. For the Activity Stream to 'show all' is a security issue. 
Brian Bishop
added a comment - Awful, awful, awful decision. With all of the customiz-ability of the app, and one gets many hours into a customization project, to find out the certain user groups can simply create a dashboard that circumvents all of the many, many settings and controls that exist and have been used to create the right permissions 'scheme' to coin a jiraphrase??? Poor decision. Very poor. And I mean, on my part for choosing JIRA to manage projects in my organization.
Brian Bishop
added a comment - Awful, awful, awful decision. With all of the customiz-ability of the app, and one gets many hours into a customization project, to find out the certain user groups can simply create a dashboard that circumvents all of the many, many settings and controls that exist and have been used to create the right permissions 'scheme' to coin a jiraphrase??? Poor decision. Very poor. And I mean, on my part for choosing JIRA to manage projects in my organization. 
María José Mateos Rojas
added a comment - I think It's essential include in permission scheme, that only some groups or users can create dashboard, because the gadgets show confidential information's stadistics about project's state. Really, I'm disappointed about this cuestion, I belive it's a big security hole because I'm a administrator that can't configure permissions about create dashboards, so anyone user associated to project can see all information about this project creating dashboard. I believe that should be included in the next version as soon as possible.
María José Mateos Rojas
added a comment - I think It's essential include in permission scheme, that only some groups or users can create dashboard, because the gadgets show confidential information's stadistics about project's state. Really, I'm disappointed about this cuestion, I belive it's a big security hole because I'm a administrator that can't configure permissions about create dashboards, so anyone user associated to project can see all information about this project creating dashboard. I believe that should be included in the next version as soon as possible.
Hi all,
You might want to check out Dashboard Folders for Jira which allows Jira admin to restrict specific user groups from creating dashboards.
Hope it will be useful to you!