I wanted to see if anyone else was a bit surprised to see a brand new user showing up in their Space permissions with access enabled by default.
As a security engineer as well as admin for our Atlassian stack, I don't appreciate new users with granted permissions showing up unannounced and I wish there would have been a better way of handing that transparently.
It did end up costing me a couple hours investigating, ultimately disabling the plugin in the System Plugins and finding that this did NOT appear to remove the user and access permissions in all our Spaces, including private ones.
I really think this should have been an opt-in app, not enabled by default.
We would really encourage Atlassian to think about how they release new plugins with potential security implications and how these might be a cause for concern in environments that are extremely concerned about privacy.
My organization has a policy of reviewing all integrations of software, and this was never something we had the opportunity to review and had to spend time figuring it out after the fact.
"a bit surprised" in this case is an euphemism .. because of this I am now considering migrating out of atlassian and already started looking for alternatives .. I do not recollect trying out any Teams add-ons and users invited to the site which I maintain will be unhappy to see this user ... would love to know more what this is about
Hi everyone, We’re always looking at how to improve Confluence and customer feedback plays an important role in making sure we're investing in the areas that will bring the most value to the most c...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event