We created an account for a person in the company, which we then deleted since it was created in a different format from the other accounts.
We have noticed from time that we have an anonymous user editing and resolving issues. We figured out that it was the deleted account. Somehow, this person is able to still be logged into the account and comment, resolve, close, and edit things.
How can we prevent this and ensure that the account is fully deactivated. This can pose a major security risk down the line if we need to remove users from Jira due to firings or layoffs.
Actually, this is almost certainly nothing to do with the deleted account. Once the account has been deleted, they cannot log in. That's it. It's gone, dead, totally secured.
What you have probably done is allowed "anyone" to edit, comment, resolve, close etc. Check your permission scheme(s). If you see the word "anyone" anywhere, that's the problem. You also need to check the workflow transitions ALL have at least one condition, even if it is just "is in jira users" or "in role of user"
Since you are on onDemand, you will have to manage the user's application access. See https://confluence.atlassian.com/display/AOD/Managing+application+access#Managingapplicationaccess-GrantingForExistingUserGrantingandrevokingapplicationaccessforanexistinguser
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs