Jira Image of the Day: Preventing Access to Individual Items
Concept Relates To
|
Application Type |
Jira (Jira Work Management and Jira Software), Jira Service Management, Jira Core |
|
Deployment Type |
Jira Cloud, Jira Data Center |
What is shown?
An item marked “Confidential” using a Work item security scheme in Jira Cloud.
Visit: Admin > Work items > Work item security scheme (Cloud)
Visit: Admin > Work items > Work item security scheme (Data Center)
What can we learn?
To restrict access to an entire Jira project, use a Permission scheme. But what if you only want to restrict access to certain items in a Jira project? For this use case, use an Work item security scheme instead.
Scenario
The Compliance team needs to restrict access to individual items identified as “confidential” or “sensitive” in their Jira project. As such, two security levels are needed.
|
Security Level |
Description |
Users / Groups / Project Roles |
|
Confidential |
For items only the team can see. May contain proprietary information. |
|
|
Sensitive |
For items only team leadership can see. May contain personal or protected information. |
|
The first level, named “confidential”, is for items that only team members should see. Team members are defined as administrators in that specific Jira project, users in the project’s “Team” role, the project lead, and the reporter.
The second level, named “sensitive” is for items that only team leaders should see. Leaders are defined as project administrators, users in the “Executives” global group, and the reporter.
Access Possibilities
|
Users |
Security Level: None |
Security Level: Sensitive |
Security Level: Confidential |
|
Project Role (Administrators) |
Yes |
Yes |
Yes |
|
Project Role (Team) |
Yes |
No |
Yes |
|
Project lead |
Yes |
No |
Yes |
|
Reporter |
Yes |
Yes |
Yes |
|
Group (executives) |
Yes |
Yes |
No |
|
Everyone else |
Yes |
No |
No |
Using the provided requirements, here are the access possibilities:
-
If no security level is selected, all users who can access the Jira project can see the item.
-
Project-level administrators can view all items in the project because they are included in all security levels.
-
Reporters can view all items they report.
Tips for Using Work Item Security Schemes and Levels
-
To determine who can set a security level on individual items, be sure add users to the “Set Issue Security” line in a project’s permission scheme.
-
Add the “Security Level” field to the project’s layout in Cloud and screens in Data Center.
-
Unlike other schemes, Work item security schemes are not created or applied by default. If you need one, you must manually create it, add levels, add users and groups to the levels, and associate it with a project.
-
Having many security schemes and levels may impact performance.
-
It’s safer to automatically restrict access to all items and grant access to others with additional levels. Otherwise, you’re giving access to all and hoping that users remember to restrict the most sensitive items.
-
Don’t forget to add the reporter to the security levels. Generally, the person who reported the item should be able to view and follow it.
Was this helpful?
Thanks!
Rachel Wright
About this author
Author, Jira Strategy Admin Workbook
Industry Templates, LLC
Traveling the USA in an RV
47 accepted answers
0 comments