Project

General

Profile

Actions
Copy link

Defect #42100

closed

If new user is not attached to any project, he can see all users via URL simply typing numbers https://redmine.org/users/50

Added by Anvar Odilov 10 months ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:
5.0.10

Description

If new user is not attached to any project, he can see all users via URL simply typing numbers after /users/{number}
for example: https://redmine.org/users/50
In order to prevent this, user must be attached to some project with some role, otherwise, he can see list of all users.

Related issues

Is duplicate of Redmine - Feature #38853: Changes user visibility from "all" to "member of visible projects" for new roles and existing builtin rolesClosedMarius BÄ‚LTEANU

Actions
Actions
Copy link
 #1

Updated by Holger Just 10 months ago

  • Is duplicate of Feature #38853: Changes user visibility from "all" to "member of visible projects" for new roles and existing builtin roles added
Actions
Copy link
 #2

Updated by Holger Just 10 months ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

You can set the user visibility for non-member users as well as Anonymous by editing the respective roles in Administration -> Roles and permissions.

The setting for both roles as well as the default setting for new roles will be updated to "member of visible projects" in Redmine 6.0. See #38853. On older versions, you can edit this manually as described above.

Actions
Copy link

Also available in: Atom PDF