We have a situation at work where we need some external customers to come in and add tickets to our system (this is much easier than keeping two JIRA instances synced etc.). What is most desirable is creating the one project but only allowing the external customer users to only view tickets they were 'tagged' in. I'm unsure how this tagging would work.
At the moment I can lock the group of users down to a single project, and I've read how to allow only reporter and assignee to view a ticket, but what about a whole group? Any help would be greatly appreciated.
I assume you've read the stuff about issue security levels when you say "I've read how to allow only reporter and assignee"? It's the same place as that, you can name groups in the security levels.
It's generally better to use roles if you can (and put the groups in the roles), but that's a guideline, there's good cases to allow groups (e.g. having an auditor group)
I've setup a security level that includes the external customers group and have applied it to that project, but when a regular user creates a ticket, the external customers group can still see it. Or does the inverse need to be true (the regular users group need to be applied).
The issue security seems very confusing.
The permissions can be complex, and the issue security layer on top does make it more confusing.
I find it easier to think from the top down in this case. Start with the JIRA permissions - a user can log in, which might give them some project access. So, you look at the permission scheme. While that looks complicated, for visibility, it's actually easy. Someone who has "browse project" can see all the issues in the project.
Issue security adds another layer. It does not override permissions. A user must have "browse project" to see issues in the project, no matter what the issue security. What it is for is allowing you to hide issues within the project. You set a security level, which defines "who can see this issue"
For your case, it sounds like you want to allow "regular users" to see all the issues (so include them in the security scheme, and set the security level field to "hidden" or whatever) and "external customers" to only see a few - do not set a security level for those issues.
I'm John Allspaw, co-founder of Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs