How can I restrict the Activity Stream on the System Dashboard?

We're trying to configure customer access to JIRA, and don't want to display any internal project data. We've got all internal projects secured with a specific internal Permissions Scheme. After setting up the customer accounts, I logged in with one to see what they see. All projects are secured properly; however, I can search for and display the System Dashboard. That wouldn't be so bad, but on the system dashboard is the Activity Stream, showing issues from all projects. Is there a way to restrict the view of the Activity Stream, say, by jira group? Or is there another slick way that I can restict the view our external customers have of the activity stream?

6 answers

Activity stream should only display issues updates for the issues the logged in user can see. What happens if you click on any of the issues in the activity stream? Do you get a permission error?

Yes, I do see items (not issues) from 'secured' projects in the Stream and when I click on them I don't get any type of permission error -- for example, a code snippet that was submitted. Yes, I thought I had closed that loop with my Issue Security Scheme, but it doesn't appear to be working. :-(

So it looks like a mis-configuration with your permission scheme and/or issue security scheme (maybe your issues do not have a security level selected).

I don't think so, Patrick, The Permissions and Issue Security seem to only apply to ISSUES, yes? Doesn't seem to account for items related to Bamboo, Crucible, FishEye, Subversion, and Confluence. These are the items I ended up turning 'off' on the Activity Stream so they now don't show up. Do you have a better way to filter those items by a security group?


1 vote
David Simpson Community Champion Jun 29, 2013

Perhaps you could restrict the Activity Stream gadget to just logged in users. Adding the paratmeter roles-required=use to the end of the activity streams gadget URL should prevent usrs who are not logged in from seeing the gadget.

For other configurations, check out this JIRA: https://jira.atlassian.com/browse/JRA-21505

0 vote
Timothy Chin Community Champion Jun 23, 2013

Well, I believe that the Activity Stream gadget complies to the JIRA permissions so you should be fine. Do they see issues that they are not supposed to see on the gadget?

Yes, Tim, they do see items from projects they shouldn't see...not issues, but code changes, comments, etc. Any way to use Security to rope these off as well?

Here's an example of what I can see as an external customer in the Activity Stream:

"Ken Hymes committed changeset 3982 to the DELIRIOUS project"

There are active links to the "3892" code snippet and to the project DELIRIOUS that I can access and view.

These are links/references to our Subversion code repository, which is also linked to issues in JIRA...

Is there any update to this? How do you actually apply roles-required=use to a gadget? @David Simpson I know this is a really old issue, but having the exact same problem.

Essentially, our internet hosted JIRA application shows the Activity Stream as it is part of the System Dashboard when a user is logging in. So the before username / password has been entered the Activity Stream shows users updates on Issues and the regular activities as expected. This is fine to show after the user logs in but not before any login info is provided. How do I restrict / stop this?

What worked for me is restricting the permission for Developer Tools in the Permission Scheme assigned to the project. By default is assigned to all JIRA users. Changed to Project roles.

 

Thank you very much. That's what i was looking for. Hide all activity not related to user project.

You are welcome. Glad to help

Did not work for me. Removed all permissions from View Development Tools, but any logged user still can see any activity for all projects in Activity Stream.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,227 views 14 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot