People who are not logged in can see and comment as anonymous on tickets. This is a big security risk for us and our clients. I only want access for logged in users.
I tried in both Safari and an incognito window in Chrome and I am able to see the full ticket without being logged in.
Change the permission scheme(s). Remove the "group" called "anonymous" from all inappropriate permissions
(Frankly, that's all of them other than "browse" for a start, and "browse = anonymous" is only for certain types of public project too)
Completely understand, but I don't share emails in public (so much spam already). Could you try it with a clean browser? If you've got Chrome or Firefox, there's an "anonymous browse" option which will not carry any login details even if you've got a normal session running - that's more than good enough to do this test.
If you can then see the issue without any login, the next step is to be 100% sure there is no "anyone" in the permissions for that one project, then visit https://support.atlassian.com to raise the issue with them. It sounds very broken to me, and quite a security hole, so I'd expect quite a swift response.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs