Hi,
I want to Prevent/Disable the option from newly invited users to invite others during the first Setup process of the newly invited user. How can I achieve that.
I already unchecked this option from User settings, but yet, this option still exists via the first invitation link and wizard.
I don't know it will be related or not, but I want to know, how to disable the "Invite Team" menu from the project?
it turns out, the non-administrator could invite other people and get the license.
I am experiencing this same issue. Non admins can sent invite emails to anyone with this option, even though the site admin allow users to invite is turned off. This is very bad!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This sounds like a huge information security loophole and a nightmare for Jira Admins that work for organisations that are careful about information security.
Surely "Invite team" should mean just that and not "Invite anyone in the world to team and give them a license as well"!
Is anyone in Atlassian responsible for closing security loopholes to whom we could forward this issue?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have a similar problem, with users who are definitely not site admins, inviting other users to join Confluence.
This generates emails to admins like this:
Subject: Someone wants to invite another user to Confluence
Body:
The user [person1]@[domain] needs access to Confluence[person 2] wants to invite [person1]@[domain], so they can both work on x.atlassian.net. You can approve access requests from your Site administration.
{etc.}
Can this feature be disabled?
I've seen this question asked in several forums, but no clear answer for Confluence Cloud
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There's a new feature now that allows you to add trusted users to invite other users:
Can you have a look and let me know what sort of permissions Person 2 has there?
Do you know what they did to trigger the invite email specifically?
Regards,
Shannon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the feedback!
That Invite/Edit/Add page refers to permissions, which I don't see anywhere in the user management interface.
Person 2 is an external, non-staff user, with limited permissions. I don't know what they're doing, to generate this invitation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
David,
The permissions are available in Site Administration > User management > Users. When you click Show details next to the user, you'll see under Roles on the left which role they have.
Can you have a look and confirm that you see that?
Take a look at what role you have set for that user, and confirm with me what permissions you have set for them. I assume by "external" user you don't mean external to Confluence, but a licensed internal Confluence user which is external to your organization. Can you confirm?
Regards,
Shannon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Note: There seem to be different meanings of "Invite a user, which may be causing some confusion.
- When an administrator adds a new user, that's called inviting the user; as it sends a mail to that user for them to setup their own account.
- When an existing (non-admin) user invites a user they're asking that the user be given access / it results in the administrators being prompted to approve the access request.
I believe this question's referring to the latter scenario.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
John,
Thank you so much for pointing that out!
David, in that case, are the users themselves getting an invitation email, or is only the admin getting an email to approve access request? Can you show me what that email looks like for you?
Regards,
Shannon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Shannon S ,
I have the same question as Yanis and David.
I've used the Basic Role when inviting new users, the "Users can invite others" in Site Settings is unticked.
STILL, as a new user to that Confluence Cloud instance, the first step in my "Start up Confluence"-routine, I'm prompted to add emails beneath the question "Who's on your team?".
Is there anyway to detach this first step as a new user? Or does that step override all user management settings?
Best regards,
Marika
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Marika,
Thank you so much for your description. I realize now that it was this bug we reported, which turned out to be an expected behavior:
I've found the following request to disable this option below:
@Yanis, my apologies for not realizing that this was the specific feature you were referring to.
The best thing we can do for this is to vote on the CONFCLOUD request which is still open. I will comment there with this thread so the developers will be able to see the feedback.
You can also submit your feedback directly from the menu within your Cloud instance, by clicking on your profile photo:
This will be sent directly to the development team for their consideration.
Thank you and take care!
Regards,
Shannon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shannon ,
What was the outcome for this issue ? Was it resolved ?
I am also facing same issue, people who are not administrators are able to invite new people on jira.
what is the step by step procedure to stop users for inviting further other users ?
Thank you in anticipation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Muhammad,
Welcome to Atlassian Community! It's nice to meet you.
In my last reply, I mentioned that it was expected behavior, which was mentioned here:
And I found the following request to disable this option below:
You can vote on the request above and you will be automatically added to the list of watchers.
Let me know if you have any questions!
Regards,
Shannon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Wow. This means that I can't use Confluence for my Partner Portal project because I don't want partners to be able to invite others (even if they don't get approved) - it is just unprofessional.
This is so disappointing when basic things don't work and then don't get fixed.
This sort of thing makes it very hard to be a champion for Atlassian. :(
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I agree this is obnoxious.
This inundation of "invited_user_A wants some_uninvited_colleague to join Confluence so they can work together. Here's some more information about them" messages is making my Atlassian administration experience miserable and confusing my users.
It is a shame this issue has not received attention.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There are 4 options from Admin-> products -> user access settings.
Invite anyone, Invite approved domains, Require admin approval, Don’t allow invites
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Through an option on the settings site it is possible to restrict users from inviting others:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Even when that is not checked, I still see loads of invites that can be generated by all roles of users
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It is not the pure "invite user" as per site-admin
Its the way Basic users even when Invite user is switched off can generate a different invite.
It basically means that switching off invite users does absolutely nothing to stop rouge invites.
This is not a "feature", or any kind of expected behavior - it is a risk and potential security breach
this bug we reported, which turned out to be an expected behavior:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There are different "Invite users"
Site-admin get the Invite users button, which you can add people to groups as well
Conf users (basic no added privileges) can invite users via Share page
Jira users (basic no added privileges) can invite users via Share
There should be a setting to stop shares to outside of those who already have an Atlassian account, else you end up being spammed with invite requests, which is even more annoying as then they are added sans groups, so you have to go back into each one and add them to the relevant groups.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Yanis,
Any users that you have added to the site-admins group should have the ability to invite other users. If you do not want specific users to have this ability, then you will want to remove them as a site-admin.
Can you let me know if that's not the case and what issue you're having exactly with the invite user prompt?
Regards,
Shannon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
email comes in like
Summary: <basic user with no admin rights> invited <invited user> to your Atlassian site
<basic user with no admin rights> invited <invited user> to your Atlassian site
Hi Mark J Cunningham,
<basic user with no admin rights> (<basic user with no admin rights email address>) has invited <invited user> to work with your team. Here's some more information about them:
<invited user>
<email address>
New user at <site>
View profile
View your invite settings
According to setting this should not be possible:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.