Best practice to work with external suppliers in same JIRA instance?

We are not a software developer and we are trying to use JIRA Core to map many of our business processes. 
One of the processes we are trying to get to work is corrective actions performed by our suppliers. We want to:

  1. We create an issue in JIRA with the responsible person at the supplier as the assignee
  2. We expect certain corrective actions to be performed by the supplier and that the assignee shall report these actions in JIRA as JIRA user

The supplier JIRA user should only be able to edit fields in a few specific screens. We want to be able to see how the supplier transition through the workflow and thereby also report what actions they are planning to take or are implementing. When the supplier has transitioned through the workflow we will review the information and either reject or approve the actions. This means that the supplier will perform some of the transitions and we will perform other.

We have many different suppliers and the different suppliers should not be able to see the other suppliers issues.

What is the best practice to achieve this?

1 answer

1 accepted

1 vote
Accepted answer

JIRA only supports project security (permission schemes) and issue security (security schemes). Once you want to drill it down to field level you need a plugin to provide field security.

We have a large JIRA instance and use it with customers, consultants and vendors alike. We do have the Field Security plugin ( but don't use it much.

We give access to our customers and vendors to certain projects only. If we want issues in there that only we or customers or vendors can see (or any combination thereof), we use security schemes. Whatever is completely internal is tracked in a different project that only we have acces to. We create and link the issues from the first to the latter.

Workflow security can be achieved by transition conditions based on roles. That's how we do it. Let's say you have an "Approve" transition that you only want your own employees to perform. Create a role called "Internal". Only add employees to that role. In the workflow, add a permission condition to the transition saying "Must be member of role 'Internal'".

Hope that hepls.

Best regards,

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 09, 2018 in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

247 views 6 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you