Dashboard edit permissions

Robert Ikeoka
I'm New Here
May 16, 2016

Is there a reason why only the owner of the dashboard can edit the dashboard?

From a security standpoint, it adds an additional 3 steps per dashboard to edit in the event that a user accidentally shares a dashboard with the Global ("Everyone") setting. An admin cannot just edit the dashboard to change it to a compliant share setting without changing the owner, then finding the dashboard, editing the permission, then changing the owner back to the original owner.

Additionally, would it be possible to add a GET, DELETE, POST /rest/api/2/dashboard/{id}/permissions/ endpoint where an admin can systematically perform the permission cleanup?

2 answers

1 vote
M
Contributor
May 27, 2015

You will want to grant permissions to the Project Role(Users) and, in your project configuration, put the users you want to use that project in the Role for Users.

Group(anyone) allows anyone to see the issue anonymously without logging in. This means people outside your organization can see the issues if this group is used. For privacy reasons you will most likely never want to use Group(anyone), unless you want outside users to view your issues and are okay with exposing that information.

Nic Brough -Adaptavist-
Rising Star
May 27, 2015

Actually, you often do want to use Group(anyone), with caveats:

- As Marc says, you must be absolutely convinced that you want to expose that project to the world (or at least everyone who can reach your JIRA). For collaborative purposes, that's often VERY useful, and I almost always maintain my JIRA instances with a "JIRA Support" type project, which everyone *should* see.
- You must only give them *browse*. Never anything that lets them change data.
- Previous to Jira 6.3, you needed to make sure you have a condition on every workflow transition (this is now covered by having to explicitly grant "can transition" in 6.3+).
- and the killer - your JIRA can respond up to five times faster if you have Browse: Group (anyone)
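The "only give them browse" rule from the comment above can be checked mechanically. The following is an added example, not part of the original thread or Atlassian's code: it audits an exported permission scheme for grants to Group(anyone) other than browse. The JSON shape, the holder type `anyone` and the permission keys are assumptions about what your Jira version returns, and the sample scheme is constructed.

```python
import json

# Constructed sample, shaped like a Jira permission scheme fetched with its
# permissions expanded. Field names and permission keys are assumptions
# about your Jira version; adjust them to what your instance returns.
SAMPLE_SCHEME = json.loads("""
{
  "id": 10000,
  "name": "Support project scheme (constructed)",
  "permissions": [
    {"id": 1, "holder": {"type": "anyone"}, "permission": "BROWSE_PROJECTS"},
    {"id": 2, "holder": {"type": "anyone"}, "permission": "ADD_COMMENTS"},
    {"id": 3, "holder": {"type": "projectRole", "parameter": "10001"},
     "permission": "CREATE_ISSUES"},
    {"id": 4, "holder": {"type": "anyone"}, "permission": "TRANSITION_ISSUES"}
  ]
}
""")

# Only read access is acceptable for Group(anyone), per the advice above.
ALLOWED_FOR_ANYONE = frozenset({"BROWSE_PROJECTS"})


def audit_anyone_grants(scheme, allowed=ALLOWED_FOR_ANYONE):
    """Report whether anonymous browse is on and which other grants go to anyone."""
    anonymous_browse = False
    violations = []
    for grant in scheme.get("permissions", []):
        if grant.get("holder", {}).get("type") != "anyone":
            continue  # role, group and user grants are out of scope here
        permission = grant.get("permission", "<missing>")
        if permission in allowed:
            anonymous_browse = True
        else:
            violations.append(permission)
    return {
        "scheme": scheme.get("name", "<unnamed>"),
        "anonymous_browse": anonymous_browse,
        "violations": violations,
    }


if __name__ == "__main__":
    report = audit_anyone_grants(SAMPLE_SCHEME)
    print(json.dumps(report, indent=2))
```

A scheme with `anonymous_browse` true and an empty `violations` list matches the caveats in the comment; any entry in `violations` is a write-capable grant to unauthenticated users that needs review.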

0 votes
Nic Brough -Adaptavist-
Rising Star
May 27, 2015

Short answer is "no".  I would strongly recommend having a business/admin rule that says "people always have to be in the users role, even if they are in other roles".  But you don't have to.  So there is nothing that says "a user "belongs" to a project".  You need to define a rule, or set of rules for yourself.

(For "anyone", see Marc's answer, it's spot on)
