Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Security
Labels:

Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

Steps to replicate:

Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector.
Click on the cog to the right of your new account and view 'configure automatic access'

Result:

Automatic access will be set up and membership to the 'developers' group will be granted

Expected result:

Either no automatic access will be set up, or during the creation process you should be warned that automatic access has been granted.

This is a security concern for users that add people that should have access to the repository to their OD account, as access will be granted unknowingly.

It also becomes more of a problem now that ~~UNIFIED-79~~ has been released, as it's not at all obvious that membership is granted anymore.

Attachments

Issue Links

causes

ID-97 Create a banner to warn users about the DVCS auto-inviting function when integrated with Bitbucket

Closed

is related to

ID-25 New user management system doesn't mention that Bitbucket invites are going to be sent

Closed

relates to

JSWSERVER-14233 New user that is added to Jira is automatically invited to 'developers' group

Closed

JSWSERVER-14464 Disable adding users to Bitbucket teams by default.

Closed

BBC-742 Loading...

DESK-3600 Loading...

GROW-769 Loading...

GROW-1563 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

Wiki Page: Wiki Page Loading...

(3 relates to, 4 mentioned in, 1 Wiki Page)

Activity

People

Assignee:: Unassigned

Reporter:: Matthew Hunter

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 11/Mar/2014 5:51 AM

Updated:: 24/Aug/2022 9:36 AM