Is having a distinct security level per JIRA issue problematic?

Daniel Flexer August 9, 2016

I need a highly granular security scheme for a JIRA project, where each issue has its own distinct, group of users permitted to access it. I intend to implement this by defining a separate issue security level for each new issue when it is created. The issues and their associated security levels are created programmatically.

  1. Is this a viable approach?
  2. Should I anticipate issues with JIRA functionality or performance as a result of having a large number of security levels active for this project?
  3. Can this approach affect the performance or stability of other projects in the JIRA instance?
  4. Other than the very long list of security levels that will be present in the security level selection menu, are there other usability issues with this approach?
  5. Can you suggest a different approach to achieve my requirement?

2 answers

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 9, 2016

Quite simply, no, this won't scale.  You'll rapidly run into problems with performance, globally, and the administration screens for the levels will quickly grow to a point where they can't be rendered.  If your issues in this project are rarely created and used, you'll be ok, but I'd say you'll start to notice problems when you reach a couple of hundred.

I'd define a single scheme which names a group-picker as the visibility and then set that picker (you'll still have way too many groups, but that won't cause you anywhere near as many problems)

0 votes
Jonas Andersson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 9, 2016

There is one way around it. If you base you permission schemes on something like watchers this kind of allows you to simply allow someone to browse, comment, work on issues on a pretty individual base per ticket. It does however force you to keep the watchers field up to date with whoever needs to be on the ticket. It makes sense that you limit the "Manage watchers" permission, as this could grant people to involve others.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events