How to restrict a group to viewing only certain issues within a project?

Hey all,

 

We have a situation at work where we need some external customers to come in and add tickets to our system (this is much easier than keeping two JIRA instances synced etc.). What is most desirable is creating the one project but only allowing the external customer users to only view tickets they were 'tagged' in. I'm unsure how this tagging would work.

At the moment I can lock the group of users down to a single project, and I've read how to allow only reporter and assignee to view a ticket, but what about a whole group? Any help would be greatly appreciated.

Cheers! 

1 answer

This widget could not be displayed.

I assume you've read the stuff about issue security levels when you say "I've read how to allow only reporter and assignee"?  It's the same place as that, you can name groups in the security levels. 

It's generally better to use roles if you can (and put the groups in the roles), but that's a guideline, there's good cases to allow groups (e.g. having an auditor group)

Hey Nic,

I've setup a security level that includes the external customers group and have applied it to that project, but when a regular user creates a ticket, the external customers group can still see it. Or does the inverse need to be true (the regular users group need to be applied).

The issue security seems very confusing.

Thanks! 

The permissions can be complex, and the issue security layer on top does make it more confusing.

I find it easier to think from the top down in this case.  Start with the JIRA permissions - a user can log in, which might give them some project access.  So, you look at the permission scheme.  While that looks complicated, for visibility, it's actually easy.  Someone who has "browse project" can see all the issues in the project.

Issue security adds another layer.  It does not override permissions.  A user must have "browse project" to see issues in the project, no matter what the issue security.  What it is for is allowing you to hide issues within the project.  You set a security level, which defines "who can see this issue"

For your case, it sounds like you want to allow "regular users" to see all the issues (so include them in the security scheme, and set the security level field to "hidden" or whatever) and "external customers" to only see a few - do not set a security level for those issues.

 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

264 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you