Automatic access added to newly added bitbucket account without notificiation

2014-03-11T05:51:31
ID ATLASSIAN:JSWCLOUD-14506
Type atlassian
Reporter mhunter
Modified 2016-07-14T00:45:39

Description

Steps to replicate:

Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector.

Click on the cog to the right of your new account and view 'configure automatic access'

Result:

Automatic access will be set up and membership to the 'developers' group will be granted

Expected result:

Either no automatic access will be set up, or during the creation process you should be warned that automatic access has been granted.

This is a security concern for users that add people that should have access to the repository to their OD account, as access will be granted unknowingly.

It also becomes more of a problem now that UNIFIED-79 has been released, as it's not at all obvious that membership is granted anymore.