Automatic access added to newly added bitbucket account without notificiation

Type atlassian
Reporter mhunter
Modified 2019-08-29T00:49:10


Steps to replicate:

Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector.

Click on the cog to the right of your new account and view 'configure automatic access'


Automatic access will be set up and membership to the 'developers' group will be granted

Expected result:

Either no automatic access will be set up, or during the creation process you should be warned that automatic access has been granted.

This is a security concern for users that add people that should have access to the repository to their OD account, as access will be granted unknowingly.

It also becomes more of a problem now that UNIFIED-79 has been released, as it's not at all obvious that membership is granted anymore.