Understanding question about Global Permission "Browse Users and groups"

Jonny Klaas
Contributor
May 11, 2018

Hi,

I've got an important question about the right way to distribute permissions for customers in JIRA. I'll try to describe our problem as well as I can:

 

We work with our customers directly in JIRA; they have permissions to create and assign issues or even schedule issues. For this we created a standard permission scheme with different project roles and different permissions for our customers, like:

- Project Role "Customer employee"

- Project Role "Customer Project Manager" and so on..

Then we add our customers under "People" and the project role at the affected projects, so they can work with us.

Another important point is that our customers can use the @-mention feature. So they can easily mark our consultants at issues or something else. To be able to do that we have to give them the global permission "Browse users and groups", otherwise they can't mark / see our users.

Everything is fine, they can use the @-mention Feature for example at the comment section and they can only see our employees and no other customers. The same applies for the assignee, they can only see our employees and colleagues from the project. 

 

So far so good, but here is our big problem. If they use the button "view all issues" under the "Search" panel at the left, they can filter by the right assignee on the search page.

But here they can see every user and every group in the whole Jira System?! Just with typing an "e" or any other letter?

jira_bug.png

 

So did I do something wrong? Or is this by design? Or a bug?

 

Regards,

Jonny

1 answer

1 accepted

1 vote
Answer accepted
Tarun Sapra
Community Champion
May 11, 2018

It seems to be an open issue which has been declined by Atlassian as won't fix since it didn't gather many votes.

https://jira.atlassian.com/browse/JRASERVER-34165

Tarun Sapra
Community Champion
May 11, 2018
Jonny Klaas
Contributor
May 11, 2018

Hi Tarun, 

Thanks for your reply. I've already seen these two suggestions, but I think it's only nearly the same problem.

Our customers are not anonymous and everything is working fine with the @mention feature and choosing an assignee.

It's only the assignee button at the global issue search filter that is not working properly.

Tarun Sapra
Community Champion
May 11, 2018

Hello @Jonny Klaas

In the JIRA ticket, Anonymous is just used as an example. Basically, if you have some projects configured for public access, then public/anonymous users can see the list of all users in the issue navigator view by clicking on the "Assignee" button, pretty much the same as in your case. You have some customers mapped for read access to Project X, but in the issue navigator view those customers will be able to see the complete list of users in the assignee section, even if they are not in the same project as the logged-in customers.

Jonny Klaas
Contributor
May 11, 2018

Hi Tarun, 

Thanks for the detailed explanation, I got it now.

But it's pretty annoying that Atlassian does not want to fix it, because it's a really big privacy problem.

Tarun Sapra
Community Champion
May 11, 2018

Hello @Jonny Klaas

Indeed this is an issue; maybe you can add a comment on the ticket so that Atlassian might re-open the ticket. Atlassian implements a lot of new features in every release, but features are picked based on various factors, and one of those factors is the user votes. And since this particular feature didn't get many user votes, it wasn't picked.

Tarun Sapra
Community Champion
May 11, 2018

Here's the policy -

https://confluence.atlassian.com/support/implementation-of-new-features-policy-201294576.html

If you feel my answer has helped you then please accept/upvote the answer. Thanks.
