Jira cloud version - All our normal users are also system users - Why?

Of course ;) TY

Thank you, Phil! Having a look now...

Shannon

Thanks, Phil!

I have discovered it is this bug:

• ID-6219

It does appear that for some instances this behavior is occurring.

Please watch that case as well and vote on it to help show our developers the number of users who are affected by the problem.

You can be assured that your regular users should indeed be accounted for in your license, and you can verify this from your *.atlassian.net/admin/apps page (Application Access) page.

I hope that answers things but do let me know if you have any further doubts.

KKnd regards,

Shannon

Watched & voted ;)

Once again, thank-you for your expert help & diligence 

Hi Shannon

I've got another issue I'd really appreciate your help on. Would it be possible for me to PM you?

TIA

Phil

Hi Phil,

We don't have PM functionality yet on here, but feel free to @ mention my name on the case and I can have a look at it on Monday.

Shannon

Hi @Shannon Splease can you tell me why this page is visible when not logged in?

Thanks again

Phil

Have you used "anyone" in any of the project permissions?

I should say I visited while logged in to an Atlassian account, but not one that has any access to your system (I hope!).  The page is not leaking - the url says it is a search, but all I get is the header and footer, no data, not even menu options!

Hi @Nic Brough -Adaptavist-, thanks for looking. For me the page is visible from Chrome in incognito.

Hi Phil,

Sure!

So the default project permissions for that project allows Anyone to Browse Projects (along with a few other things.)

You can check this here:

BDP Permissions

However, you do have some issue level security applied:

BDP Issue Security

It appears that all of your issues have a level of security applied, except for one. Try this query:

project = BDP and level is EMPTY

You will see that it returns the single issue that is visible.

There's not really a need to set issue level security if you're meaning to apply it to all users. It's meant to be used in special circumstances. For example, you have one both for Jira Users and Administrators. I would recommend having the settings for Jira Users just be your default permissions, and then only have a special one set for your Administrative users.

So in your Project Permissions I would recommend that you apply the default permissions you want there.

Any permissions you see that you mentioned Group (Anyone) be at least changed to Group (jira-users). That way it won't be publicly available on the internet.

I hope this helps!

Shannon

One of the quirks of Cloud.  This is counter-intuitive (and I'd say is probably undesirable behaviour), but the explanation does make sense.

When I visit the site anonymously, I can see your data.  This is, because, as Shannon says, you've got "anyone" named in the permission screen.

If I were to visit as one of your users, I'd see what you expect me to.

But when I visit while using my Atlassian ID, I am not one of your users, but, because of the way Cloud works, I am a known user.  I can't log in, I have no permissions, but I'm not "anonymous".  So I see less than anonymous users!

Thanks Shannon & Nic, once again very helpful.

Some more noob questions if I may...

1. How I reset this one issue so it's [security] level is the same as the rest [i.e. not EMPTY] i.e. remove the page?
2. And remove this project from showing?
3. And finally, remove this page?

Many thanks

Phil

Hi Phil,

You should be able to edit the issue as an Administrator and apply a new Security Level Scheme that way. I've tried to test it myself but I don't have the permissions on your instance.

Your 2nd question is showing the entire projects list. Which project are you trying to hide? Who needs to see it exactly?

Finally, you cannot remove the Components page for your project in Jira Cloud.

Shannon

Hi Shannon, 

1. The security level isn't shown on the issue, even though if I select Admin - Where's my field, it says is should be:
2. Please retry from Chrome in incognito, should be just the one.
3. We have ~ cloud 40 projects. Only this one leaks the Components Page.

Once again, many thanks for taking the time to educate me in the ways of JIRA ;)

Phil

Phil,

Which user are you using to attempt to make the changes? If it's the Phil Stamp user, according to the Permission Helper you don't have either of the permissions needed.

To set the permissions:

1. Go to BDP Permissions.
2. You can see the two permissions you need here:
   1. Edit Issues (currently set to Project Role (Users))
   2. Set Issue Security (currently set to Project Role (Quality Assurance))
3. To give yourself access to these roles, you would need to go to the People tab in your project. You can have add your user to both roles here. I have confirmed you are an administrator for the project so you should have permissions to do this.
4. Once you have the proper permissions, navigate to the issue.
   1. Click the Edit button in the top-left of the issue. Note: if you still do not see the Edit button, then you don't yet have Edit Issues Permission, so in that case, double-check that you have set the permissions as I described above.
   2. Have a look at the 3rd line in the window that pops up: Security Level and set it to your desired level. I believe in your case this should be All Jira Users Access.
   3. Click Update.

To answer your other concerns, the link you sent in regards to the project you want to hide is as follows:

https://nhsbtprojects.atlassian.net/secure/BrowseProjects.jspa?selectedCategory=all&selectedProjectType=all

You can see no specific project is listed here, and it is set to show all projects. Please note, however, that when a user goes to that URL it will list all projects that they have Browse Projects access to. So if you want to hide a project from a specific user, you want to make sure they don't have Browse Projects access. As I mentioned earlier, a lot of your projects have Anyone set as the permissions, meaning that anyone will be able to see them. You will want to change this if you don't want them to be publicly available.

Lastly, I have checked a few of your other projects, and they also have Components listed. Please be advised that the Components page will always display, and it will contain a list of components that you have connected to that project in Jira. You can review Managing Components for more details on that, including how to delete a component from your instance.

I hope this helps, but do let me know if you have any questions!

Shannon

Hi Shannon,

Once again, brilliant thank-you. Fantastic, logical step-by-step help, leading to understanding ;)

Have a good weekend

Phil

Glad that was helpful!

If you have any other questions you can just ask on the Community and then @ mention my name in a comment and I will be able to see.

Take care and have a pleasant weekend!

Shannon

@Shannon S

Is it possible to hide this last page?

Hi Phil,

It is not possible to hide that page. Users who are logged in will be able to see all the projects they have access to from that page. So if there is any user that should not have access to see that page should not be added to any projects.

If you have any further questions my recommendation is to make a new post with a new title. You can still tag me on it.

This is so that if a user has the same problem they will be able to find the answer from a simple search.

I hope this helped but do let us know if you have any further doubts.

Regards,

Shannon

Thanks Shannon ;)