Activity tab displays errors for users with no Crucible/FishEye access

Xabier Davila October 22, 2012

Hi,

We have JIRA integrates with FishEye, but not all JIRA users have access to FishEye.

When a user with no FishEye access browses the All Activity tab in a JIRA issue belonging to a project linked to FishEye, some 403 errors are displayed.

This is a problem, first because of the errors, but even more important, because it's displaying project information (repository names) to users that should not have access to this info.

Is this a bug or is there any way to overcome this problem?

Thanks

xab

1 answer

1 vote
Felipe Kraemer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 1, 2012

Hi Xabier,

This is probably happening because the Application Link configured between JIRA and FishEye is using the authentication method called "Trusted Applications".

When each application has its own user base, please make sure to use OAuth authentication method.

The differences between the authentication methods can be seen here:

If the problem also happens in the Source tab, you can try to edit JIRA's Permission Scheme and revoke the permission "View Version Control" (or "View Issue Source Tab", if you're using JIRA 5.1.1 or later) to those users that should not see the Source tab.

Please let us know if the suggestions above helped.

Cheers,
Felipe Kraemer

Xabier Davila November 13, 2012

I've changed the Application Link to use OAuth, and now instead of getting an error I get a window prompting the user to log in with FishEye. the problem is that, once again, the repository names are being displayed in there.

I need to look further into modifying the permission schema, so just users with FishEye Access can see the Source tab. This can be tricky to maintain for multiple projects/visibility in both JIRA and FishEye.

Suggest an answer

Log in or Sign up to answer