Can Jira Align users see issue level detail when they should not have that type of access?

Suzanne Seaton November 19, 2020

We have two instances: one is General and one is InfoSec. We DO want managers to be able to see metrics for both instances in Jira Align. We DO NOT want (some) managers to see issue level detail for the InfoSec instance. The InfoSec instance has confidential, sensitive and secure content that not everyone should be able to see. I am hoping that we can do this at the permission level somehow. For example, the person in charge of technology could drill down and see info at the issue level. However, a manager at from the General instance could see metrics but not at the issue level.

Issue level: defined as the description and the comments. Summary should be okay. 

1 answer

1 accepted

0 votes
Answer accepted
Mark Cruth
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 19, 2020

Hi @Suzanne Seaton ! Thanks for the question! When you say two instances...is that two Jira instances connected to Jira Align? Also, how is the data structured into Jira Align (for General and InfoSec)...Programs, Portfolios?

Based on what you shared, the only approach I can think of is that these managers could have a system role that doesn't give them access to see the particular issue type. For example, if the issues are "Stories", you could setup the system role so that the role cannot see any stories. Managers assigned to this role could see the rollup of story data in reporting, and the title if the story rolls up to a feature, but they wouldn't be able to open the issue to see the details or see the Story Grid. The only problem with this is approach is that a system role is universal (in this example, if the person had the role we setup they would not be able to see any stories in the system). 

You might be able to leverage Team Membership to help govern this, but the only way to really prevent someone from viewing issue details using this approach would be to leverage separate portfolio structures. Is the General and InfoSec work in the same Portfolio within Jira Align?

Suzanne Seaton November 19, 2020

Hey @Mark Cruth , thanks for your reply! Yes, this is two instances (or possibly more) connected to Jira Align. I believe it will be the same Portfolio within Jira Align but I am not positive; just learning. This is for Wells Fargo, we have ~ 60,000 Jira users and then managers on top of them, and we need to keep our InfoSec issue level detail private from the General managers. Thanks!

Mark Cruth
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 20, 2020

If they are in the same portfolio I think the initial option may be the best bet. I know the Solutions Architect from Atlassian working with your organization and will let him know to reach out to you on this topic (you two can go deeper and play with a few more potential options). Good luck!!!

Like # people like this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events