Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-14506

Automatic access added to newly added bitbucket account without notificiation

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Steps to replicate:

      1. Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector.
      2. Click on the cog to the right of your new account and view 'configure automatic access'

      Result:

      Automatic access will be set up and membership to the 'developers' group will be granted

      Expected result:

      Either no automatic access will be set up, or during the creation process you should be warned that automatic access has been granted.

      This is a security concern for users that add people that should have access to the repository to their OD account, as access will be granted unknowingly.

      It also becomes more of a problem now that UNIFIED-79 has been released, as it's not at all obvious that membership is granted anymore.

          Form Name

            [JSWSERVER-14506] Automatic access added to newly added bitbucket account without notificiation

            There are no comments yet on this issue.

              Unassigned Unassigned
              mhunter Matthew Hunter
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: