We are not a software developer and we are trying to use JIRA Core to map many of our business processes.
One of the processes we are trying to get to work is corrective actions performed by our suppliers. We want to:
The supplier JIRA user should only be able to edit fields in a few specific screens. We want to be able to see how the supplier transition through the workflow and thereby also report what actions they are planning to take or are implementing. When the supplier has transitioned through the workflow we will review the information and either reject or approve the actions. This means that the supplier will perform some of the transitions and we will perform other.
We have many different suppliers and the different suppliers should not be able to see the other suppliers issues.
What is the best practice to achieve this?
JIRA only supports project security (permission schemes) and issue security (security schemes). Once you want to drill it down to field level you need a plugin to provide field security.
We have a large JIRA instance and use it with customers, consultants and vendors alike. We do have the Field Security plugin (https://marketplace.atlassian.com/plugins/com.quisapps.jira.jfs) but don't use it much.
We give access to our customers and vendors to certain projects only. If we want issues in there that only we or customers or vendors can see (or any combination thereof), we use security schemes. Whatever is completely internal is tracked in a different project that only we have acces to. We create and link the issues from the first to the latter.
Workflow security can be achieved by transition conditions based on roles. That's how we do it. Let's say you have an "Approve" transition that you only want your own employees to perform. Create a role called "Internal". Only add employees to that role. In the workflow, add a permission condition to the transition saying "Must be member of role 'Internal'".
Hope that hepls.
Hi there! Shannon from Statuspage here. 👋 With Cyber Monday quickly approaching, we're looking to hear from Atlassian customers – specifically from teams who touch incident response li...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs