How to restrict a group to viewing only certain issues within a project?

Hey all,

 

We have a situation at work where we need some external customers to come in and add tickets to our system (this is much easier than keeping two JIRA instances synced etc.). What is most desirable is creating the one project but only allowing the external customer users to only view tickets they were 'tagged' in. I'm unsure how this tagging would work.

At the moment I can lock the group of users down to a single project, and I've read how to allow only reporter and assignee to view a ticket, but what about a whole group? Any help would be greatly appreciated.

Cheers! 

1 answer

0 votes

I assume you've read the stuff about issue security levels when you say "I've read how to allow only reporter and assignee"?  It's the same place as that, you can name groups in the security levels. 

It's generally better to use roles if you can (and put the groups in the roles), but that's a guideline, there's good cases to allow groups (e.g. having an auditor group)

Hey Nic,

I've setup a security level that includes the external customers group and have applied it to that project, but when a regular user creates a ticket, the external customers group can still see it. Or does the inverse need to be true (the regular users group need to be applied).

The issue security seems very confusing.

Thanks! 

The permissions can be complex, and the issue security layer on top does make it more confusing.

I find it easier to think from the top down in this case.  Start with the JIRA permissions - a user can log in, which might give them some project access.  So, you look at the permission scheme.  While that looks complicated, for visibility, it's actually easy.  Someone who has "browse project" can see all the issues in the project.

Issue security adds another layer.  It does not override permissions.  A user must have "browse project" to see issues in the project, no matter what the issue security.  What it is for is allowing you to hide issues within the project.  You set a security level, which defines "who can see this issue"

For your case, it sounds like you want to allow "regular users" to see all the issues (so include them in the security scheme, and set the security level field to "hidden" or whatever) and "external customers" to only see a few - do not set a security level for those issues.

 

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Thursday in Jira Ops

I'm John Allspaw, Ask Me Anything about incident analysis and postmortems

I'm John Allspaw, co-founder of   Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...

5,450 views 21 17
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you