"@Mention" Security right now is given at a Global Level(Global Permissions - Browse Users). . However we use JIRA Projects for individual clients. We don't want one client being able to type "@" and see a list of user names from other projects. Is their away to scope this down to the project level?
JRA-7467 sounds like it should remedy your issue. Unfortunately, the fact that its still open means this is still in progress.
Others may know of a better workaround, but I'm not aware of one off the top of my head.
Perhaps something has changed since 2014, but @Mention security is project-level, not global. The project 'Browse' permission is checked. This can be verified experimentally, or seen in the source at SortedMentionableUserSearcher.java#searchForUsers()
JIRA's User Picker is different - it is used (mostly) when there is no issue in scope, and so has to rely on the global Browse Users permission.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.