People who are not logged in can see and comment as anonymous on tickets. This is a big security risk for us and our clients. I only want access for logged in users.
I tried in both Safari and an incognito window in Chrome and I am able to see the full ticket without being logged in.
Change the permission scheme(s). Remove the "group" called "anonymous" from all inappropriate permissions
(Frankly, that's all of them other than "browse" for a start, and "browse = anonymous" is only for certain types of public project too)
Completely understand, but I don't share emails in public (so much spam already). Could you try it with a clean browser? If you've got Chrome or Firefox, there's an "anonymous browse" option which will not carry any login details even if you've got a normal session running - that's more than good enough to do this test.
If you can then see the issue without any login, the next step is to be 100% sure there is no "anyone" in the permissions for that one project, then visit https://support.atlassian.com to raise the issue with them. It sounds very broken to me, and quite a security hole, so I'd expect quite a swift response.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot