How do I remove the ability for logged out users to see tickets, comment as anonymous?

Leslie Kramer March 31, 2015

People who are not logged in can see and comment as anonymous on tickets. This is a big security risk for us and our clients. I only want access for logged in users.

I tried in both Safari and an incognito window in Chrome and I am able to see the full ticket without being logged in. 

1 answer

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 31, 2015

Change the permission scheme(s). Remove the "group" called "anonymous" from all inappropriate permissions.

(Frankly, that's all of them other than "browse" for a start, and "browse = anonymous" is only for certain types of public project too)

Leslie Kramer March 31, 2015

I've gone through all of our permissions and none of them allow for "anonymous" or "anyone".

Nic Brough -Adaptavist-
March 31, 2015

Ok, so can you pick up a demo issue and check with a totally anonymous account? Use a browser you've not logged into your Cloud Jira with ever. (You could post it here to get one of us to check it)

Leslie Kramer March 31, 2015

Putting a link here means everyone will have access to all of our projects so even if it's a dummy project, I'd rather not post a link here. Do you have an email I can use?

Nic Brough -Adaptavist-
March 31, 2015

Completely understand, but I don't share emails in public (so much spam already). Could you try it with a clean browser? If you've got Chrome or Firefox, there's an "anonymous browse" option which will not carry any login details even if you've got a normal session running - that's more than good enough to do this test.

Nic Brough -Adaptavist-
March 31, 2015

If you can then see the issue without any login, the next step is to be 100% sure there is no "anyone" in the permissions for that one project, then visit https://support.atlassian.com to raise the issue with them. It sounds very broken to me, and quite a security hole, so I'd expect quite a swift response.
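
The permission-scheme check suggested in the answer above, as an added example that is not part of the original thread: it scans an exported permission scheme for grants open to logged-out users. The JSON shape (a `permissions` list with `permission` and `holder.type`, with `anyone` as the anonymous holder) is an assumption modelled on Jira's REST permission-scheme output, and the sample scheme is constructed.

```python
import json

# Constructed sample: one permission scheme in the shape assumed here
# (a "permissions" list whose entries carry "permission" and "holder.type").
SAMPLE_SCHEME = json.loads("""
{
  "id": 10000,
  "name": "Client Project Scheme (constructed)",
  "permissions": [
    {"id": 1, "permission": "BROWSE_PROJECTS", "holder": {"type": "anyone"}},
    {"id": 2, "permission": "ADD_COMMENTS", "holder": {"type": "anyone"}},
    {"id": 3, "permission": "ADD_COMMENTS", "holder": {"type": "group", "parameter": "jira-users"}},
    {"id": 4, "permission": "CREATE_ISSUES", "holder": {"type": "projectRole", "parameter": "10002"}},
    {"id": 5, "permission": "EDIT_ISSUES"}
  ]
}
""")

# Assumption: "anyone" is the holder type the export uses for the anonymous grant.
ANONYMOUS_HOLDERS = {"anyone"}
# Per the answer above, browse is the only grant that may be acceptable for
# anonymous users, and only on deliberately public projects.
BROWSE = "BROWSE_PROJECTS"

def anonymous_grants(scheme):
    """Return sorted (permission, action) pairs for grants open to logged-out users."""
    findings = []
    for grant in scheme.get("permissions", []):
        holder = grant.get("holder") or {}  # tolerate entries with no holder
        if str(holder.get("type", "")).lower() not in ANONYMOUS_HOLDERS:
            continue
        perm = grant.get("permission", "<unknown>")
        findings.append((perm, "review" if perm == BROWSE else "remove"))
    return sorted(findings)

def audit(schemes):
    """Map scheme name -> findings, listing only schemes with anonymous grants."""
    report = {}
    for scheme in schemes:
        found = anonymous_grants(scheme)
        if found:
            report[scheme.get("name", str(scheme.get("id")))] = found
    return report

if __name__ == "__main__":
    for name, findings in audit([SAMPLE_SCHEME]).items():
        for perm, action in findings:
            print(f"{name}: {perm} granted to anonymous -> {action}")
```

Run it over every scheme attached to a project, since a project uses exactly one permission scheme but an instance may hold many.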
