We have JIRA integrates with FishEye, but not all JIRA users have access to FishEye.
When a user with no FishEye access browses the All Activity tab in a JIRA issue belonging to a project linked to FishEye, some 403 errors are displayed.
This is a problem, first because of the errors, but even more important, because it's displaying project information (repository names) to users that should not have access to this info.
Is this a bug or is there any way to overcome this problem?
This is probably happening because the Application Link configured between JIRA and FishEye is using the authentication method called "Trusted Applications".
When each application has its own user base, please make sure to use OAuth authentication method.
The differences between the authentication methods can be seen here:
If the problem also happens in the Source tab, you can try to edit JIRA's Permission Scheme and revoke the permission "View Version Control" (or "View Issue Source Tab", if you're using JIRA 5.1.1 or later) to those users that should not see the Source tab.
Please let us know if the suggestions above helped.
I've changed the Application Link to use OAuth, and now instead of getting an error I get a window prompting the user to log in with FishEye. the problem is that, once again, the repository names are being displayed in there.
I need to look further into modifying the permission schema, so just users with FishEye Access can see the Source tab. This can be tricky to maintain for multiple projects/visibility in both JIRA and FishEye.
Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs