We have a number of custom fields of the type "User Picker (single user)", so the field allows you pick a user. Now, the issue is that because we have JSM and we have external accounts raising requests, that custom field is displaying ALL of these external accounts in other projects.
How can we restrict the custom fields to only display our internal accounts and not externals for our other projects? It's basically only our JSM projects that need to give the ability to show the external accounts.
I would imagine there is some sort of security scheme permission i need to tweak for this?
Hi @Phillip C
We also have external customers, while we are not in cloud the only way we were able to do this was to completely disable the user picker search so then the only way names come up is if an email or a username is type explicitly. It's not the most convenient however, when using an external instance our security team actually recognized the user picker as a potential place for data leaking
Best,
Clark
Thanks @Clark Everson for the input, that's a very compelling point. Exposing your entire user base due to a searchable user field, surely that's a security oversight on Atlassian's behalf?
However I'm just trying to resolve the issue for our internal projects.. but i'll be keeping this in mind for customer based forms... yikes!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.