Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.4.2
-
3.04
-
Description
Try creating a "Visible to" multi-user picker custom field, and allow only this custom field's users to "Browse" issues in the permission scheme. One can no longer view issues in affected projects, even if you are in the "Visible to" custom field for some issues.
Attachments
Issue Links
- relates to
-
JRASERVER-8950 "Current Assignee" on Browse Permission creates security hole
- Closed
-
JRASERVER-8615 Granting User Custom Field "Create" or "Administer" permission grants it to everyone
- Closed
-
JRASERVER-8941 User Picker custom field used in Security Level makes issues invisible to searchers
- Closed