Pre-configured anonymous access to user picker breaks upon upgrading to Jira 8.4+


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Low
    • None
    • Affects Version/s: 7.13.3, 8.2.4
    • Component/s: REST API
    • 7.13
    • 1
    • Severity 2 - Major

      Issue Summary

      According to Atlassian documentation (How to control anonymous user access in a public Jira instance), customers can intentionally configure global permissions and project permissions to explicitly allow anonymous access to the user picker (via the Browse Users and Browse Projects permissions).

      After upgrading to Jira 8.4+, this anonymous access functionality breaks.

      Steps to Reproduce

      1. Start with Jira Server 7.13.0
      2. Assign the following permissions
        • Browse Users Global Permission: Group: "Anyone on the web"
        • Browse Projects Project Permission: Group: "Anyone on the web"
      3. Confirm an anonymous user can access user picker (e.g. using REST API)
      4. Upgrade Jira Server to 8.4+

      Expected Results

      Anonymous access to the user picker (either via the API or the create issue screen) functions as it did in Jira 7.13 and earlier.

      Actual Results

      Anonymous access to the user picker is blocked, and the error below appears (as seen in the HAR file):

      "message":"Client must be authenticated to access this resource.","status-code":401
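
A check for step 3 and for the 401 shown above, as an added example that is not part of the original report: it sends one unauthenticated request to the user picker of your own instance and classifies the response. The endpoint path `/rest/api/2/user/picker`, the function names and the sample response bodies are assumptions or constructed here; the report names none of them.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the report does not name the endpoint; this is Jira Server's
# user picker REST resource.
PICKER_PATH = "/rest/api/2/user/picker"


def classify(status, body):
    """Map an unauthenticated user-picker response to a verdict."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        data = None  # e.g. an HTML login page served after a redirect
    if status == 200 and isinstance(data, dict) and isinstance(data.get("users"), list):
        return "anonymous-allowed"   # behaviour described for Jira 7.13
    if status == 401:
        return "auth-required"       # behaviour reported after upgrading to 8.4+
    return "unexpected"


def check_anonymous_picker(base_url, query="a", timeout=10):
    """Send one request with no cookies or Authorization header and classify it."""
    url = base_url.rstrip("/") + PICKER_PATH + "?" + urllib.parse.urlencode({"query": query})
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the error object still carries status and body.
        return classify(err.code, err.read().decode("utf-8", "replace"))


# Constructed samples: a picker-style success body, and the error fragment from
# the report wrapped in braces to make it valid JSON.
SAMPLE_BEFORE = (200, '{"users":[{"name":"jdoe","displayName":"Jane Doe"}],"total":1}')
SAMPLE_AFTER = (401, '{"message":"Client must be authenticated to access this '
                     'resource.","status-code":401}')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_anonymous_picker(sys.argv[1]))  # base URL of your own instance
    else:
        print(classify(*SAMPLE_BEFORE), classify(*SAMPLE_AFTER))
```

Running it before and after the upgrade against the same base URL shows whether the anonymous permission configuration is still honoured.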

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

            Assignee:
            Unassigned
            Reporter:
            Alexander (Inactive)
            Votes:
            1
            Watchers:
            4
