Restrict Access to the Activity Log and Dashboard in JIRA Cloud
When you access your JIRA Cloud URL in your web browser, it defaults to https://example.atlassian.net/secure/Dashboard.jspa and shows you a lot of details without prompting for credentials.
As a Cloud administrator, you need to immediately lock this down visibility to valid users only.
Check the Project Permission scheme. The Browse Projects permission will include Group (Anyone).
- Edit the Permissions of the Permission Scheme(s) in question
- JIRA Administration > Issues > Permission Schemes
- Keyboard Shortcut: g+g > Permission Schemes
- Delete Group (Anyone) for the Browse Project permission
- It is advised to remove Group (Anyone) for any other permissions as well for safe measure
To test, use the Browsers In-Private/Incognito Mode or open another Web Browser to load the URL of your Cloud instance; you should be directed to the login prompt