Error Description
Mentioning users doesn't work for our clients anymore: the user list is not populated when the user types @ or clicks the @ button.
I'm pretty sure this featured used to work. Is this a bug? Let me explain as briefly as possible without leaving out any important details.
Our Setup / Details
- First of all, we're using JIRA cloud.
- All users are part of the group "jira-software-users". This is the default group with product access. This group has no permissions under Global permissions.
- Our staff is added to the "staff" group which gets access to Browse users and groups via Global permissions (among other things). Mentioning works fine for us.
- Clients are not added to any group after invitation. We assign the client to the project role "Client" for their specific project.
- The project role "Client" is allowed to Browse Projects (among other things) in our default permission schema. This schema is used by all projects.
- The client can browse the project, edit and comment on issues and so forth. It all works as intended and had been tested. Mentioning however does not work.
Using a sledgehammer to make it work
I found community threads (this one in particular), suggesting to add the client group to the global permission and allow them to Browse users and groups.
Now, while this works, this will also allow the client to open "people" on the sidebar (/people/search?q=) and look up everybody (all client users for example) on your JIRA. There are probably other more common areas in JIRA where this could happen.
After all that's exactly what the global permission page says:
Browse users and groups
View and select users or groups from the user picker, and share issues. Users with this permission can see the names of all users and groups on your site.
So this can't really be the permanent solution. Clients shouldn't see other clients, let alone select/contact them by mistake.
Anybody got an idea how to solve this differently or is experiencing the same issue?
Happy to provide more details if required.
This isn't a new feature - it's a global permission so it allows users to see everyone else on the instance - see Managing Global Permissions
There is a suggestion to enhance this - you can view that here: JRACLOUD-40283
I found a more extensive discussion on this - see here
Ste
Thanks a lot, Stephen for taking the time to answer and linking the relevant posts and discussions.
I see now that someone at Atlassian is aware of this and the problem is due to the way JIRA is built. Let's see what the future brings. At least I know now that I didn't configure anything incorrectly.
Thanks again.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.