It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

JIRA system dashboard - Change to "Shared with logged-in users"

Is there any way to chance the System Dashboard to only be shared with logged-in users?

Right now its set to shared with public, and the system dashboard is not listed under System > Shared Dashboard.

2 answers

1 vote
Arbi Dridi Atlassian Team Sep 06, 2019

Hi everyone! 

There's a way to disable public access in Jira altogether. Please see the workaround in https://jira.atlassian.com/browse/JRASERVER-65521

Cheers!

That workaround is for the Server instances. What about for those of us that use the Cloud instances?

Thank You! This helped

I am not aware about it, but would be strange, because it is a system dashboard, owned by the System and Shared with everyone.

Nevertheless, the shown information depends on the permissions the especific user has. So, because we use the Mode Private, one needs to log in to see any information.

I can see the system dashboard under Global Administration / System / User Interface

Going to:

https://<url>/jira/secure/ConfigurePortalPages!default.jspa?view=popular

Still lists the System Dashboard for anonymous users. We do not have any anonymous users and don't see a reason to make this action/page available to Public.

So what I did was modify the ConfigurePortalPages action in the JIRA-INSTALL/atlassian-jira/WEB-INF/classes directory:

<action name="user.ConfigurePortalPages" alias="ConfigurePortalPages" roles-required="use">

In a secure configuration of Jira there shouldn't be any possibility of information disclosure.

Also, I know the modification of these Jira classes is not supported by Atlassian, but I see no other option.

¯\_(ツ)_/¯

I hope, there will be no negative side effect ;)

We were just made aware of public access dashboards and views being a security risk:

https://www.bleepingcomputer.com/news/security/misconfigured-jira-servers-leak-info-on-users-and-projects/

How do we change the view? I do not see a way to change the public access view to any logged in user. Help?

Like # people like this

We're in the same boat, JD.  Our VP of InfoSec doesn't want any publicly facing dashboard links, but I have not be able to determine how to change for the System Dashboard.

Arbi Dridi Atlassian Team Thursday

Hi Mary, can you take a look at my answer above? Thanks. 

Thanks Arbi.  I did take a look at this a while back.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

236 views 1 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you