Remove external users from appearing in user fields

Phillip C
Contributor
October 31, 2024

We have a number of custom fields of the type "User Picker (single user)", so the field allows you to pick a user. Now, the issue is that because we have JSM and we have external accounts raising requests, that custom field is displaying ALL of these external accounts in other projects.

How can we restrict the custom fields to only display our internal accounts and not externals for our other projects? It's basically only our JSM projects that need to give the ability to show the external accounts.

I would imagine there is some sort of security scheme permission I need to tweak for this?

 

1 answer

0 votes
Clark Everson
Community Leader
October 31, 2024

Hi @Phillip C 

We also have external customers. While we are not in cloud, the only way we were able to do this was to completely disable the user picker search, so then the only way names come up is if an email or a username is typed explicitly. It's not the most convenient; however, when using an external instance, our security team actually recognized the user picker as a potential place for data leaking.

Best,

Clark

Phillip C
Contributor
November 24, 2024

Thanks @Clark Everson for the input, that's a very compelling point. Exposing your entire user base due to a searchable user field, surely that's a security oversight on Atlassian's behalf?

However, I'm just trying to resolve the issue for our internal projects... but I'll be keeping this in mind for customer-based forms... yikes!

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM