Restrict Time Tracking Report Permission

I've looked everywhere, but I can't find a way to restrict non-managers from seeing the Time Tracking report.  This is dangerous for us right now as anyone could determine the rates we are billing based on this information.  Is there a way to restrict being able to see this report?

2 answers

You can't. Browse Project gives you permission to view the reports.

But how come anyone has access to your invoices, and therefore can deduce your rates by dividing the invoiced amount by the # of hours? I don't think it's the time tracking you should try to hide.

I disagree.  The time tracking and time it takes to complete something should be kept secret, if appropriate.  In our case there are several reasons.  Government contracts are public knowledge and if someone, even an employee, looked up what the terms are they could see all the details.  Likewise, customers that join a team (a very common practice) may use this to make their own assumptions on fixed-price projects.  Obviously a straight correlation between the two is not the whole truth since there are many other costs.  But it causes disturbance within the channel.   

Another possibility is taking the information to a competitor and using it to critic your timelines and steal a contract away.  It happens all the time.

The bottom line is that there are many reasons people may want to keep the time tracking only to management.    

Okay. Fair enough. But even if you hide the Time Tracking report, somebody can easily extract that information from a simple excel export of the project's issues. Add the hours in the Time Spent column and you get the same result.

My point is, you can't make this data safe from anyone with basic Browse Project permissions. A third party plugin like this one for field-level security wouldn't make sense either, since your developers must still be able to log time. If a user can log time on any issue, he can view the logged time for any issue, add them up and get the information you want to keep secret. I don't see a way around that. At best, with a field-level plugin, you might be able to hide the time-tracking information from a specific group of users that would not be allowed to log work.

Ya, I looked at that one.  We are also using the Cloud-based implementation.  That plugin is online onpremise.  It looks like this is a lot battle.  I'm actually researching this for a Fortune 500 company.  One of their services divisions has this requirement and I completely get it.  We wanted to make it easier to integrate with some other systems, which JIRA does.  Unfortunately this is their show stopper issue and we will have to recommend something else.  sad

Thanks for checking though!   

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Statuspage

Introducing Statuspage Getting Started guides! First up: What is Statuspage?

Over the next several weeks we'll be sharing some of our Getting Started guides here in the community. Throughout this series of posts, we'd love to hear from customers and non-customers ab...

243 views 4 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you