Security situation. New User can see all projects having no role or access to any of them.

We create a new user in local JIRA system but for some reason this user see all projects and boards (with no issues)

User have only one group "jira-users" and have no roles in any project. In Permission Sheme" jira-users" have no permissions exept JIRA access only.

Access to projects we managing by roles assigning to users.

In 2014 there in no such problem and now we can't find what is changed..

Any suggestions how can we fix such thing?

Thanks in advance.

1 answer

1 accepted

Check what is defined in the browse-projects permission. Do you have any project role or group defined in it.

If yes, check if the user is part of that role or group.

Only way a user can get access to a project is by having the browse issue permission.

Why he is not able to view issues is a different issue and reasons can be many,buts thats not the issue here.

Rahul

Thanks.

I checked what is defined in the browse-projects permission.

We have an permission that allows browse projects by "Author".

So Any user that can create an issues can see any project no metter what permissions are set in project for group or role or user.

 

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Julia Dillon
Posted Tuesday in Jira

Tell us how your team runs on Jira!

Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...

232 views 1 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you