Possible security breach, 2 accounts for 2 different products could possibly get merged

Bill Cosbie August 31, 2021

Hello everyone, please suggest

In Jira I have 2 accounts with 2 different products (call them product 1 and product 2), and when I was logged into both in my browser, I received an update for product 2 while in the account of product 1. I can also see that the user of the product 1 account has access to the product 2 account: the account has both product 1 and product 2 listed under the title Products.

I think this is incorrect; what can you suggest? How can I unmerge (split) the accounts?

Thanks all in advance for answers.

2 answers

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 31, 2021

Welcome to the Community.

This would suggest that each account has been set up to be an "owner" (technical or billing) and/or the site admin on both products.

There's nothing to "split" in this case; the accounts are separate, and if you want to remove them from contacts, that's fine (but a site admin can't be partially responsible; they will always see all products in a site).

Bill Cosbie August 31, 2021

And what can I do in this case? I don't want users to have access to projects which do not belong to them (including updates, mails, etc.). Also, the user of product 1 can switch to Jira / product 2. Does this also fall under this case?

Thank you so much for the previous reply :)

Nic Brough -Adaptavist-
August 31, 2021

I talked in generalisations before because there's not quite enough detail in your question to be exactly sure what you are seeing and what exactly you mean by "access".

This may be easier with a worked example. 

  • Imagine we have Alice, Bill, Charlie and Dave as people who might have access to things.  They all have a single Atlassian account (to keep things simple, I'll ignore other ways to have accounts in Cloud systems).
  • You have a single site on https://bill.atlassian.net, with the products Jira and Confluence.

Their rights are currently

  • Alice: Jira user, Confluence user
  • Bill: Site admin, Jira user, Confluence user
  • Charlie: Jira user
  • Dave: Confluence user

That covers the products they can all see. As you can tell, Alice can see both, but if you want Alice to stop using one of them, you can just remove them from the product you don't want them to get to.

Bill is the only one here who can't have all their visibility removed. As a Site admin, they will always be able to see both products in the site. Even if you removed their Jira and Confluence user rights, they'd still be a site admin and be aware of the products (and be able to add themselves back in).

However, in your comment, you mention "projects" instead of "products", which suggests you mean something different.

You might be meaning "When a user logs into Jira, they can see two projects, but I only want Alice to see project A and Charlie to see project C". In this case, you'll need to check the permissions of each project to see what is letting the "wrong" people into it (it's likely to be something like "Browse project = all logged in users"), remove it, and replace it with a more specific rule like "Browse project = role of developer", and then put Alice and Charlie in only the project roles they need to be in.

Bill Cosbie August 31, 2021

Wow, thanks for such a voluminous and clear answer to me!
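The check Nic describes (find the grants in a project's permission scheme that let "all logged in users" or the public browse it, and replace them with a project-role grant) can be scripted. The following is an added example, not code from the thread or from Atlassian; the scheme below is a constructed sample whose shape follows the Jira Cloud permission-scheme REST representation, the role id 10100 is a placeholder, and the list of site-wide default groups is an assumption to adjust for your site.

```python
import json

# Constructed sample scheme (not from the thread). Each grant carries a
# "permission" key and a "holder" with a "type" (plus a "parameter" for
# roles, groups and users), as in the Jira Cloud permission-scheme resource.
SAMPLE_SCHEME = json.loads("""
{
  "id": 10000,
  "name": "Default Permission Scheme",
  "permissions": [
    {"holder": {"type": "applicationRole"}, "permission": "BROWSE_PROJECTS"},
    {"holder": {"type": "anyone"}, "permission": "BROWSE_PROJECTS"},
    {"holder": {"type": "group", "parameter": "jira-software-users"}, "permission": "BROWSE_PROJECTS"},
    {"holder": {"type": "projectRole", "parameter": "10100"}, "permission": "CREATE_ISSUES"}
  ]
}
""")

# "applicationRole" with no parameter is "any logged in user"; "anyone" is public.
BROAD_HOLDERS = {"applicationRole", "anyone"}
# Default product-access groups usually contain every licensed user, so a grant
# to them is "everyone on the site" in practice (assumed list; adjust per site).
SITE_WIDE_GROUPS = {"jira-software-users", "jira-users", "confluence-users"}


def classify(grant):
    """'broad' for all logged-in users / public, 'site-wide-group' for a default
    product-access group, otherwise 'scoped' (role, named group, user, ...)."""
    holder = grant.get("holder", {})
    if holder.get("type") in BROAD_HOLDERS:
        return "broad"
    if holder.get("type") == "group" and holder.get("parameter") in SITE_WIDE_GROUPS:
        return "site-wide-group"
    return "scoped"


def audit(scheme, permission="BROWSE_PROJECTS"):
    """Return the grants of `permission` that are not scoped to a specific holder."""
    return [g for g in scheme.get("permissions", [])
            if g.get("permission") == permission and classify(g) != "scoped"]


def narrow_grant(grant, role_id):
    """Rewrite a broad grant as a project-role grant (the replacement suggested
    in the answer); `role_id` is the id of the role you want, looked up per site."""
    return {"holder": {"type": "projectRole", "parameter": str(role_id)},
            "permission": grant["permission"]}


if __name__ == "__main__":
    for g in audit(SAMPLE_SCHEME):
        print(f"{SAMPLE_SCHEME['name']}: {g['permission']} -> {g['holder']} [{classify(g)}]")
        print("  replace with:", narrow_grant(g, 10100))
```

Feed it the JSON of each scheme your projects use, then apply the narrowed grants and put Alice and Charlie into only the roles they need, as the answer describes.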


0 votes
Bill Cosbie August 31, 2021

I want to tell you that your view system seems not very good to me, as it counts a view every time I reload the page. Thanks for your replies again!

Nic Brough -Adaptavist-
August 31, 2021

Not sure what you mean by "your view system" - I'm not an Atlassian, and I'm not a Community developer either (this place is not based on Atlassian stuff), to rule out the "mine" bit.

Do you mean "every time someone looks at this page (whether for the first time or as a refresh or re-visit), the view counter clocks the number of views up by one"?

That's actually a standard way to count page views, even though most people interested in web-views are far more interested in "different people seeing different data".  It was the bane of my life for several months when I was supposed to be counting hits on a client website - they never quite grasped that there is a difference between 1 person mashing "refresh" 100 times, and 100 different visitors, but that's what most software still starts with!
