Anonymous users are able to browse JIRA user base via REST API
Platform Notice: Server and Data Center Only. This article only applies to Atlassian products on the server and data center platforms.
Using any working REST endpoint as in JRASERVER-29069, anonymous users are able to retrieve the entire JIRA user base (without logging in JIRA).
JIRA does not allow Anonymous access. Anonymous users are required to log in before they can view projects and issues.
Browse Users global permission is granted to Anyone.
If JIRA does not allow Anonymous access, it's not recommended to grant Browse Users global permission to Anyone. Dismissing Anyone from the permission will resolve the issue.