On our cloud Jira instance all our existing and new users are also system users. I.e. on the users screen with only the system filter checked, I get back a list of everyone. I'd like to know why please? Is this peculiar to our instance or the norm?
I have discovered it is this bug:
It does appear that for some instances this behavior is occurring.
Please watch that case as well and vote on it to help show our developers the number of users who are affected by the problem.
You can be assured that your regular users should indeed be accounted for in your license, and you can verify this from your *.atlassian.net/admin/apps page (Application Access) page.
I hope that answers things but do let me know if you have any further doubts.
Have you used "anyone" in any of the project permissions?
I should say I visited while logged in to an Atlassian account, but not one that has any access to your system (I hope!). The page is not leaking - the url says it is a search, but all I get is the header and footer, no data, not even menu options!
So the default project permissions for that project allows Anyone to Browse Projects (along with a few other things.)
You can check this here:
However, you do have some issue level security applied:
It appears that all of your issues have a level of security applied, except for one. Try this query:
project = BDP and level is EMPTY
You will see that it returns the single issue that is visible.
There's not really a need to set issue level security if you're meaning to apply it to all users. It's meant to be used in special circumstances. For example, you have one both for Jira Users and Administrators. I would recommend having the settings for Jira Users just be your default permissions, and then only have a special one set for your Administrative users.
So in your Project Permissions I would recommend that you apply the default permissions you want there.
Any permissions you see that you mentioned Group (Anyone) be at least changed to Group (jira-users). That way it won't be publicly available on the internet.
I hope this helps!
One of the quirks of Cloud. This is counter-intuitive (and I'd say is probably undesirable behaviour), but the explanation does make sense.
When I visit the site anonymously, I can see your data. This is, because, as Shannon says, you've got "anyone" named in the permission screen.
If I were to visit as one of your users, I'd see what you expect me to.
But when I visit while using my Atlassian ID, I am not one of your users, but, because of the way Cloud works, I am a known user. I can't log in, I have no permissions, but I'm not "anonymous". So I see less than anonymous users!
You should be able to edit the issue as an Administrator and apply a new Security Level Scheme that way. I've tried to test it myself but I don't have the permissions on your instance.
Your 2nd question is showing the entire projects list. Which project are you trying to hide? Who needs to see it exactly?
Finally, you cannot remove the Components page for your project in Jira Cloud.
Once again, many thanks for taking the time to educate me in the ways of JIRA ;)
Which user are you using to attempt to make the changes? If it's the Phil Stamp user, according to the Permission Helper you don't have either of the permissions needed.
To set the permissions:
To answer your other concerns, the link you sent in regards to the project you want to hide is as follows:
You can see no specific project is listed here, and it is set to show all projects. Please note, however, that when a user goes to that URL it will list all projects that they have Browse Projects access to. So if you want to hide a project from a specific user, you want to make sure they don't have Browse Projects access. As I mentioned earlier, a lot of your projects have Anyone set as the permissions, meaning that anyone will be able to see them. You will want to change this if you don't want them to be publicly available.
Lastly, I have checked a few of your other projects, and they also have Components listed. Please be advised that the Components page will always display, and it will contain a list of components that you have connected to that project in Jira. You can review Managing Components for more details on that, including how to delete a component from your instance.
I hope this helps, but do let me know if you have any questions!
It is not possible to hide that page. Users who are logged in will be able to see all the projects they have access to from that page. So if there is any user that should not have access to see that page should not be added to any projects.
If you have any further questions my recommendation is to make a new post with a new title. You can still tag me on it.
This is so that if a user has the same problem they will be able to find the answer from a simple search.
I hope this helped but do let us know if you have any further doubts.
In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to have–in order to produce a reliable long-term roadmap. We're tur...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs