Security situation. New User can see all projects having no role or access to any of them.

We create a new user in local JIRA system but for some reason this user see all projects and boards (with no issues)

User have only one group "jira-users" and have no roles in any project. In Permission Sheme" jira-users" have no permissions exept JIRA access only.

Access to projects we managing by roles assigning to users.

In 2014 there in no such problem and now we can't find what is changed..

Any suggestions how can we fix such thing?

Thanks in advance.

1 answer

1 accepted

This widget could not be displayed.

Check what is defined in the browse-projects permission. Do you have any project role or group defined in it.

If yes, check if the user is part of that role or group.

Only way a user can get access to a project is by having the browse issue permission.

Why he is not able to view issues is a different issue and reasons can be many,buts thats not the issue here.

Rahul

Thanks.

I checked what is defined in the browse-projects permission.

We have an permission that allows browse projects by "Author".

So Any user that can create an issues can see any project no metter what permissions are set in project for group or role or user.

 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Friday in Jira

New 5k User Limit and Other Cloud Updates

Hi all! Lauren here from the Enterprise Cloud marketing team.  I have some exciting Cloud updates from #AtlassianSummit that I wanted to share. We want everyone in your organization to be ab...

94 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you