Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA system dashboard - Change to "Shared with logged-in users"

Nathan G
Nathan G April 9, 2018

Is there any way to chance the System Dashboard to only be shared with logged-in users?

Right now its set to shared with public, and the system dashboard is not listed under System > Shared Dashboard.

Answer
Watch
Like # people like this
2039 views

3 answers

1 vote
Arbi Dridi
Arbi Dridi
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 6, 2019

Hi everyone! 

There's a way to disable public access in Jira altogether. Please see the workaround in https://jira.atlassian.com/browse/JRASERVER-65521

Cheers!

View More Comments
Bryan Beauchamp
Bryan Beauchamp September 6, 2019

That workaround is for the Server instances. What about for those of us that use the Cloud instances?

Like
Andrus Voolaine
Andrus Voolaine November 7, 2019

Thank You! This helped

Like
Reply
0 votes
Rod McWilliams
Rod McWilliams May 6, 2020

Still waiting on a response to the important question raised by Bryan_Beauchamp

What's the solution for cloud customers?

This seems like a gaping vulnerability that should be straightforward to fix.

Can someone please address this for cloud?

View More Comments
Drew Cottrell
Drew Cottrell September 18, 2020

@Rod McWilliams the official answer from Atlassian is to leave the System Dashboard blank, consider that feature doesn't exist basically I asked them for JRACLOUD ticket but not sure anyone cares enough about this.

Like Rod McWilliams likes this
Rod McWilliams
Rod McWilliams September 21, 2020

Thanks @Drew Cottrell

 

cheers

 

Rod

Like
Like
Reply
0 votes
Jose M_
Jose M.
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 9, 2018

I am not aware about it, but would be strange, because it is a system dashboard, owned by the System and Shared with everyone.

Nevertheless, the shown information depends on the permissions the especific user has. So, because we use the Mode Private, one needs to log in to see any information.

I can see the system dashboard under Global Administration / System / User Interface

View More Comments
Nathan G
Nathan G April 9, 2018

Going to:

https://<url>/jira/secure/ConfigurePortalPages!default.jspa?view=popular

Still lists the System Dashboard for anonymous users. We do not have any anonymous users and don't see a reason to make this action/page available to Public.

So what I did was modify the ConfigurePortalPages action in the JIRA-INSTALL/atlassian-jira/WEB-INF/classes directory:

<action name="user.ConfigurePortalPages" alias="ConfigurePortalPages" roles-required="use">

In a secure configuration of Jira there shouldn't be any possibility of information disclosure.

Also, I know the modification of these Jira classes is not supported by Atlassian, but I see no other option.

¯\_(ツ)_/¯

Like
Jose M_
Jose M.
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 9, 2018

I hope, there will be no negative side effect ;)

Like
JD Lobue
JD Lobue August 5, 2019

We were just made aware of public access dashboards and views being a security risk:

https://www.bleepingcomputer.com/news/security/misconfigured-jira-servers-leak-info-on-users-and-projects/

How do we change the view? I do not see a way to change the public access view to any logged in user. Help?

Like # people like this
Mary Wilson
Mary Wilson August 7, 2019

We're in the same boat, JD.  Our VP of InfoSec doesn't want any publicly facing dashboard links, but I have not be able to determine how to change for the System Dashboard.

Like
Arbi Dridi
Arbi Dridi
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 7, 2019

Hi Mary, can you take a look at my answer above? Thanks. 

Like
Mary Wilson
Mary Wilson November 7, 2019

Thanks Arbi.  I did take a look at this a while back.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events