Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I remove the ability for logged out users to see tickets, comment as anonymous?

Leslie Kramer
Leslie Kramer
March 31, 2015

People who are not logged in can see and comment as anonymous on tickets.  This is a big security risk for us and our clients.  I only want access for logged in users.

I tried in both Safari and an incognito window in Chrome and I am able to see the full ticket without being logged in. 

Answer
Watch
Like Be the first to like this
332 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 31, 2015

Change the permission scheme(s).  Remove the "group" called "anonymous" from all inappropriate permissions 

(Frankly, that's all of them other than "browse" for a start, and "browse = anonymous" is only for certain types of public project too)

View More Comments
Leslie Kramer
Leslie Kramer
March 31, 2015

I've gone through all of our permissions and none of them allow for "anonymous" or "anyone".

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 31, 2015

Ok, so can you pick up a demo issue and check with a totally anonymous account? Use a browser you've not logged into your Cloud Jira with ever. (You could post it here to get one of us to check it)

Like
Leslie Kramer
Leslie Kramer
March 31, 2015

Putting a link here means everyone will have access to all of our projects so even if it's a dummy project, I'd rather not post a link here. Do you have an email I can use?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 31, 2015

Completely understand, but I don't share emails in public (so much spam already). Could you try it with a clean browser? If you've got Chrome or Firefox, there's an "anonymous browse" option which will not carry any login details even if you've got a normal session running - that's more than good enough to do this test.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 31, 2015

If you can then see the issue without any login, the next step is to be 100% sure there is no "anyone" in the permissions for that one project, then visit https://support.atlassian.com to raise the issue with them. It sounds very broken to me, and quite a security hole, so I'd expect quite a swift response.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security