Best practice to work with external suppliers in same JIRA instance?

We are not a software developer and we are trying to use JIRA Core to map many of our business processes. 
One of the processes we are trying to get to work is corrective actions performed by our suppliers. We want to:

  1. We create an issue in JIRA with the responsible person at the supplier as the assignee
  2. We expect certain corrective actions to be performed by the supplier and that the assignee shall report these actions in JIRA as JIRA user

The supplier JIRA user should only be able to edit fields in a few specific screens. We want to be able to see how the supplier transition through the workflow and thereby also report what actions they are planning to take or are implementing. When the supplier has transitioned through the workflow we will review the information and either reject or approve the actions. This means that the supplier will perform some of the transitions and we will perform other.

We have many different suppliers and the different suppliers should not be able to see the other suppliers issues.

What is the best practice to achieve this?

1 answer

1 accepted

JIRA only supports project security (permission schemes) and issue security (security schemes). Once you want to drill it down to field level you need a plugin to provide field security.

We have a large JIRA instance and use it with customers, consultants and vendors alike. We do have the Field Security plugin (https://marketplace.atlassian.com/plugins/com.quisapps.jira.jfs) but don't use it much.

We give access to our customers and vendors to certain projects only. If we want issues in there that only we or customers or vendors can see (or any combination thereof), we use security schemes. Whatever is completely internal is tracked in a different project that only we have acces to. We create and link the issues from the first to the latter.

Workflow security can be achieved by transition conditions based on roles. That's how we do it. Let's say you have an "Approve" transition that you only want your own employees to perform. Create a role called "Internal". Only add employees to that role. In the workflow, add a permission condition to the transition saying "Must be member of role 'Internal'".

Hope that hepls.

Best regards,
George

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Bridget Sauer
Published 7 hours ago in Marketplace Apps

Calling all developers––You're invited to Atlas Camp 2018

 Atlas Camp   is our developer event which will take place in Barcelona, Spain  from the 6th -7th of   September . This is a great opportunity to meet other developers and get n...

32 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you