Access Via WebService( or any other way)

Issue #196 closed
Former user created an issue

Hi Tuncay,

we have configured (Using roles and etc.) our SLA's, that only developer team can see those timers. Customer, who created SLA dont see any Timer or if SLA was breached or not.

Question is: Using some Jira/SLA WebService, Or maybe disabling JavaScripts in Browser, Or any other way, can Customer access information about SLA even though Customer does not have rights to do so?

Maybe you have a list of possible workarounds and ways to fix them.

Comments (5)

  1. Tuncay Senturk repo owner

    Hi,

    They can not have access by enabling/disabling javascript, but I'll try to hack using REST services.
    If there's any security vulnerability, we will fix it soon.

    Regards

  2. Tuncay Senturk repo owner

    Hi again,

    "Permission denied" error is given if users without access try to access SLA data

  3. Log in to comment