-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
4.8.0, 4.5.4, 3.16.8
-
2
-
Severity 2 - Major
-
Issue Summary
Customers in organizations can share issues with undesired organizations
Steps to Reproduce
Currently, when a user in multiple organizations, they can share an issue to an organization that users on the ticket are not members of. This could cause sharing with users or organizations that should not have access to a ticket of that type. We would like an option to restrict sharing based on the organizations the users on the ticket are not a member of.
Example:
-Purple: Org 1, Org 2
-Blue: Org 1
-Red: Org 2
Blue is creating a ticket and wants to share with Purple for an issue with Org 1 issue. Purple can access as they are a member of Org 1 and Org 2. Purple can then share the ticket with Red for the same reason. Red should not have access to the ticket based on their role within the company/team.
Expected Results
The user in Purple organization should not be able to share with Red
Actual Results
Customer in purple can share the issue with Red
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
- is caused by
-
JSDSERVER-6806 Add Option to Restrict Sharing of Issues To Organizations of the Reporter or Assignee
- Closed
- links to
