Hello everyone,
I need some guidance on how to turn this filter view off for users who are not logged in.
Also, is there some type of Jira security audit checklist?
There's nothing in Jira that will do this. You could block it at a proxy level if you are using one, or something on your network, but that's not something Atlassian supports.
There is a simple thing to do though - just make sure none of your projects have "Browse projects: group: anyone" and the searches will return no results for non logged-in users.
What type of "security audit" are you looking for?
Hello, thank you for the information.
As for the security audit, some type of checklist or best practices would be helpful (like the one you mentioned above). The goal is to ensure that we have hardened the Jira application as much as possible.
I haven't mentioned any checklists or best practices. I don't know what you want from a "security audit".
Hello Nic, I had the advice above, "none of your projects have "Browse projects: group: anyone"", in mind when I said best practice. As for the security audit:
First, I want to mention that I am not an administrator of Jira and I am not familiar with most of its internal settings.
My security audit goal will be to validate whether we are using the recommended security settings, whether settings like the one you mentioned are known to our Jira administrators, etc.
The goal will be to ensure that only logged-in employees or partners can view, browse and edit Jira tasks, dashboards or access any data (usernames, project names, tickets, etc.).
Ah, ok. Permissions are quite simple on this level. Never grant "group: anyone" a permission, and Jira will only let people who are logged in see and act on stuff.
Your administrators and project leads will need to work together to set out roles for people to give them different functions in different projects via the permission schemes, but the basic "you have to be logged in to do anything" is covered by not using the "anyone" group.
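One way to audit for the "anyone" grants discussed above, as an added example that is not part of the original thread or Atlassian's own code. It assumes the permission schemes have been exported as JSON in the shape returned by Jira's `GET /rest/api/2/permissionscheme?expand=permissions` endpoint; the scheme names, ids and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON that Jira's REST endpoint
# GET /rest/api/2/permissionscheme?expand=permissions returns (assumption:
# field names follow that API; scheme names and ids here are made up).
SAMPLE_RESPONSE = json.loads("""
{"permissionSchemes": [
  {"id": 10000, "name": "Default Permission Scheme", "permissions": [
    {"id": 1, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "group", "parameter": "jira-users"}},
    {"id": 2, "permission": "CREATE_ISSUES",
     "holder": {"type": "projectRole", "parameter": "10001"}}]},
  {"id": 10100, "name": "Public Helpdesk Scheme", "permissions": [
    {"id": 3, "permission": "BROWSE_PROJECTS", "holder": {"type": "anyone"}},
    {"id": 4, "permission": "ADD_COMMENTS", "holder": {"type": "anyone"}},
    {"id": 5, "permission": "EDIT_ISSUES",
     "holder": {"type": "group", "parameter": "helpdesk-agents"}}]},
  {"id": 10200, "name": "Empty Scheme"}
]}
""")

def find_anonymous_grants(response):
    """Return one finding per permission granted to the 'anyone' holder."""
    findings = []
    for scheme in response.get("permissionSchemes", []):
        # A scheme fetched without expand=permissions has no 'permissions' key.
        for grant in scheme.get("permissions", []):
            holder = grant.get("holder") or {}
            if str(holder.get("type", "")).lower() != "anyone":
                continue
            permission = grant.get("permission", "UNKNOWN")
            findings.append({
                "scheme": scheme.get("name", str(scheme.get("id"))),
                "permission": permission,
                # Browse Projects is what exposes projects, issues and search
                # results to users who are not logged in.
                "exposes_browsing": permission == "BROWSE_PROJECTS",
            })
    return findings

def schemes_to_fix(findings):
    """Scheme names that let non-logged-in users browse projects."""
    return sorted({f["scheme"] for f in findings if f["exposes_browsing"]})

if __name__ == "__main__":
    for f in find_anonymous_grants(SAMPLE_RESPONSE):
        print(f"{f['scheme']}: {f['permission']} granted to anyone")
```

A flagged scheme only exposes data when at least one project is associated with it, so cross-check the result against the projects that use each scheme.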
Thank you very much Nic. I will be checking with the admins if they have left such permissions on any of the projects.