Security situation. New User can see all projects having no role or access to any of them.

We create a new user in local JIRA system but for some reason this user see all projects and boards (with no issues)

User have only one group "jira-users" and have no roles in any project. In Permission Sheme" jira-users" have no permissions exept JIRA access only.

Access to projects we managing by roles assigning to users.

In 2014 there in no such problem and now we can't find what is changed..

Any suggestions how can we fix such thing?

Thanks in advance.

1 answer

1 accepted

1 vote
Accepted answer

Check what is defined in the browse-projects permission. Do you have any project role or group defined in it.

If yes, check if the user is part of that role or group.

Only way a user can get access to a project is by having the browse issue permission.

Why he is not able to view issues is a different issue and reasons can be many,buts thats not the issue here.



I checked what is defined in the browse-projects permission.

We have an permission that allows browse projects by "Author".

So Any user that can create an issues can see any project no metter what permissions are set in project for group or role or user.


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,911 views 19 22
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you