-
Bug
-
Resolution: Not A Defect
-
Minor
-
None
With project/matrix based security, a user requires Overall/Read to do anything in the web UI. That is, even with permissions on a folder they cannot see anything and get the infamous “user is missing the Overall/Read permission”. But with the Overall/Read permission they can see all the other users (via e.g. /asynchPeople/). So there doesn’t seem to be a way to limit access to the user information – which, depending on context, is a data protection issue.
(tested on Jenkins 2.220)