Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

🎉 New! Restrict who can view submitted forms in Jira Service Management

April 30, 2025

Hi everyone,

We’ve been focusing a lot this year on providing you with more robust ways to restrict who has access to what in Jira Service Management.

Now we’re excited to announce the ability to restrict who can view submitted forms in Jira Service Management to help teams continue to collaborate on work items.

These could be forms that contain confidential information about someone, or sensitive information specific to different teams in your company that you only want specific people or groups to be able to view. Read more about how to restrict a form

 

0f86e513-66ba-4943-be7e-2745a0018587.jpeg

How it works

From your team or company-managed service project, navigate to Forms and select the form type you wish to restrict. Here you’ll be able to give access to specific people and groups to control who can view this form once it’s been submitted. This includes any forms submitted as part of a request being raised, or forms attached to existing work items.

8c151f4d-cc8e-4827-9434-292f1186d052.jpeg

If someone on your team doesn’t have access to a form, they’ll still be able to view the work item the form is attached on but won’t be able to see the form at all. This is for the scenarios when you may still wish your organization to have full access to a work item, but reserve specific content to a restricted group of people.

For example, you may have an ‘Employee Onboarding’ request raised that all agents in your company have access to, but the ‘Personal details' form is restricted to HR and the 'Bank details’ form is restricted to Payroll.

These restrictions only apply to viewing a form, and don’t extend to viewing work items themselves. To add permissions around who can view work items, you’ll need to set up work item security levels.

4ae818a7-3dc7-4699-bcd6-44ee230c1122.jpeg

Have you had a chance to try this feature out? We’d love to hear from you!

Comment
Watch
Like # people like this
462 views

3 comments

Josh
Josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 1, 2025

@Sam Knight we've been using these JSM restrictions quite a bit! Thank you to you and the team for providing this functionality.

 

One thing in your post sent shivers down my spine though. People submitting / storing "bank details" in Jira could get really dicey really quickly. The callout about issue security is helpful, but more thought is almost certainly warranted for the entire environment. For example:

  1. Who is granted site or org admin permissions (and could therefore bypass issue and form security)?
  2. Are any backups taken of the instance and stored externally (backups aren't encrypted so these bank details would be visible in plaintext for anyone with access to the backups).
  3. Is the company subject to any specific regulations that tightly control how this data is collected / stored (e.g. GDPR in the EU)?

I know there's been a lot of push towards HRSM from Atlassian and partners over the last couple years, but it seems like there are still some core security fundamentals that Atlassian hasn't solved for yet, particularly for medium to large companies.

Like
Sam Knight
Sam Knight
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 11, 2025

Hey @Josh great to hear you're getting use out of this feature for sensitive requests in JSM!

 

I've reached out to you directly to get into the details of these questions, because we are currently exploring product needs around:

  • Ensuring site admins only see what they need to, and aren't granting themselves access to sensitive data
  • Encryption of sensitive data
  • Compliance with standards like GDPR, HIPAA, FEDramp and others

If anyone else here has thoughts on the above subjects, please reach out!

Sam

Like • Josh likes this
Carolyn McNicoll
Carolyn McNicoll
Contributor
May 13, 2025

Thanks for the update @Sam Knight .  Will they continue to drill down into the possibility of field security so that in HR only the people in a specific role can see the details they need to do their job?  Or would we need a separate form for every group of fields that can be granted for each HR role?  

Carolyn

Like

Comment

Log in or Sign up to comment
Sam Knight

Sam Knight

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

31 total posts

View profile
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.