Is there any way to chance the System Dashboard to only be shared with logged-in users?
Right now its set to shared with public, and the system dashboard is not listed under System > Shared Dashboard.
Hi everyone!
There's a way to disable public access in Jira altogether. Please see the workaround in https://jira.atlassian.com/browse/JRASERVER-65521.
Cheers!
That workaround is for the Server instances. What about for those of us that use the Cloud instances?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Still waiting on a response to the important question raised by Bryan_Beauchamp
What's the solution for cloud customers?
This seems like a gaping vulnerability that should be straightforward to fix.
Can someone please address this for cloud?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Rod McWilliams the official answer from Atlassian is to leave the System Dashboard blank, consider that feature doesn't exist basically I asked them for JRACLOUD ticket but not sure anyone cares enough about this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am not aware about it, but would be strange, because it is a system dashboard, owned by the System and Shared with everyone.
Nevertheless, the shown information depends on the permissions the especific user has. So, because we use the Mode Private, one needs to log in to see any information.
I can see the system dashboard under Global Administration / System / User Interface
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Going to:
https://<url>/jira/secure/ConfigurePortalPages!default.jspa?view=popular
Still lists the System Dashboard for anonymous users. We do not have any anonymous users and don't see a reason to make this action/page available to Public.
So what I did was modify the ConfigurePortalPages action in the JIRA-INSTALL/atlassian-jira/WEB-INF/classes directory:
<action name="user.ConfigurePortalPages" alias="ConfigurePortalPages" roles-required="use">
In a secure configuration of Jira there shouldn't be any possibility of information disclosure. 
Also, I know the modification of these Jira classes is not supported by Atlassian, but I see no other option. 
¯\_(ツ)_/¯
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I hope, there will be no negative side effect ;)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We were just made aware of public access dashboards and views being a security risk:
How do we change the view? I do not see a way to change the public access view to any logged in user. Help?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We're in the same boat, JD. Our VP of InfoSec doesn't want any publicly facing dashboard links, but I have not be able to determine how to change for the System Dashboard.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mary, can you take a look at my answer above? Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Arbi. I did take a look at this a while back.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.