i don't get behind the request completely...
We have noticed that any project administrator is able to change the project lead. This is a security problem in our opinion since the permission scheme grants special rights (e.g. Delete issue) only to the project admin.
what i got is..that any user who is in the "administrator" role in a project is able to change project lead from any other project?
I have updated the JRA issue to make clear that a project administrator can change the lead of *his* project only.
Knowing that it's not possible i have created this issue. But as long Atlassian hasn't fixed that i am looking for a possibillity to trace it using the JIRA Audit plugin.
Of course it could hack something on my own but this would make my JIRA installation even more unmaintainable as it already is ;-)
to trace changes on this you could enable sql loging. all sql relevant stuff will be posted in atlassian-jira-sql.log
changes to project lead will look like
2012-12-20 14:19:24,296 ajp-bio-8009-exec-20 cfaysal 859x7090x1 10g48yp /secure/project/EditProjectLeadAndDefaultAssignee.jspa 7ms "UPDATE project SET pname='TEST', URL='null', LEAD='tester', DESCRIPTION='', ASSIGNEETYPE='2' WHERE ID='11701'"
where cfaysal is me who was logged in and setting Lead of a project called "Test" to username "Tester"
i understand this is not the most comfortable way to do it....but at least you can grab the information you were askin for
Hmm, I can't get a normal user with admin rights to change the project lead. What version of Jira are you using, what rights do your project leads have and could you show us where they get to edit the project lead?
We have many project administrators within a single project and each one of them can change the project lead. On the other hand we have granted the right to delete issues only to the project lead. So each project administrator can change the lead to himself and thus get the right to delete issues. This is not traced but as you see one effectively bypasses the security scheme
Hello! My name is Genevieve Blanch, and I'm the Marketing Manager at RefinedWiki, creators of apps to give teams the tools to customize Atlassian platforms. Currently, 44% of the tech team at Re...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs