Hidden Worklogs in Jira: Tracking Time with Permissions

Jira is a powerful project management and issue tracking tool used by teams to plan, track, and manage work. One of its key features is the ability to log work, which helps teams monitor time spent on tasks, improve estimations, and generate reports. However, sometimes worklogs need to be hidden or restricted based on permissions, either for confidentiality, compliance, or workflow reasons.

This guide explores the concept of hidden worklogs, how to manage their visibility, and best practices for tracking time effectively.

Understanding Worklogs in Jira

What Are Worklogs?

Worklogs are records of time spent on a specific issue. They typically include:

• The amount of time spent

• The date and time of logging

• The user who logged the work

• Optional comments or descriptions, worklog attributes, work type (billable/non-billable)

By default, all users in Jira can see worklogs of any other user, if they have permissions to see space and work items. However, in some cases, organizations may want to restrict access to certain worklogs for privacy or security reasons.

Managing Worklog with Permissions in Jira

Permissions in Jira

Jira's permission scheme controls who can add, edit, or delete worklogs. The key permissions include:

• Work On Issues: Allows users to log work

• View Worklogs: Allows users to see worklogs on issues

• Edit Own Worklogs: Users can modify their own worklogs

• Edit All Worklogs: Users can modify any worklog

• Delete Own Worklogs: Users can remove their own worklogs

• Delete All Worklogs: Users can remove any worklog

As we can see, unfortunately, Jira doesn't have the ability to restrict access rights to worklogs. Users will still be able to view data in the issue history or retrieve issues using JQL, using standard functions such as worklogAuthor, worklogComment, and worklogDate, which can indirectly provide some information about the worklog.

Hidden Worklogs: What Are They?

Hidden worklogs are worklogs that are not visible to all users, but only to a certain permitted group of people.

And I'm pretty sure you'll agree that they should not only be accessible from the "Work log" tab in a work item, but also prevent ANY sensitive worklog data from being retrieved from the "History" tab in a work item or via JQL.

This is where Timesheet Builder for DC comes in. It's the only solution in the Atlassian Marketplace that provides secure tracking functionality. Secured worklogs in Data Center are created to prevent unauthorized access. Users who don't have sufficient rights to view team members' worklogs will see the author and comment of the worklog as hidden. This information cannot be found in the issue history or via JQL.

How it looks for an authorized user:

What will see unauthorized user:

What is displayed in the History tab (nothing ):

FAQ

How can users with access rights view the data? They can still see everything: the worklog author, the comment, and, with sufficient rights, they can also edit or delete worklogs.

What about JQL? How does this work for users with access rights? Work items with secured worklogs cannot be retrieved if the user searches using the standard WorklogAuthor, WorkogDate, and WorklogComment functions. That's why we introduced our custom functions, such as sWorklogAuthor, sWorkogDate, and sWorklogComment. They can be used in the same way as the standard functions. Using custom functions ensures access rights are checked and allows users with access rights to retrieve work items using these functions, while also preventing unauthorized access.

You're talking about Data Center. What about Cloud? Currently, the Secure Worklogs feature is only available in Data Center. If you would like to see it in Cloud, please contact me at zhenya.elfimova@actonic.de and I will be happy to discuss the details.