Enable user mapping to Jira based on Aha user name and not Email (prevent privacy breach)

To map a user from Aha! to Jira the user's email is used by Aha!. This only works if Jira is configured such that the Jira option "User email visibility" is set to "Public" or "Logged in users only". For details see:

https://confluence.atlassian.com/adminjiraserver072/configuring-jira-application-options-828788218.html

If Jira is hosted in the public domain for general bug and feature tracking, this option would imply that every user can look up the email of another user. This opens the door to email harvesting, which at the very least is a problem from a mail spam perspective. However, in quite a few European countries legislation is such that this is a breach of privacy laws and makes it impossible to enable the mentioned Jira option. Since it is the only way to map users from Aha! to Jira, the law prevents the take-up of Aha.

The current Aha! implementation uses Jira's user picker REST API (rest/api/2/user/picker?). There is no reason to limit the user lookup to emails only. Aha! should offer the option to look up Jira accounts based on user name as well. After all, Jira's user picker API can look up by email, user name and full name.

  • Guest
  • Feb 9 2017
  • Shipped