How to set up a issue security on a request type basis

This workaround is meant to help company-managed projects where it is necessary to block the view of a request type and, for information security reasons, make it visible only to the reporter and a specific agent.

At the moment, the security level is only able to be set to Issue Type and not for a Request Type, we have a feature request created for this topic:

•  JSDCLOUD-10693 - Need to have an ability to set security level at request type

Also, the issue-level security is not available for team-managed projects and unfortunately, we didn’t have a workaround for this yet. There are feature requests suggesting adding issue security on team-managed projects:

•  JSDCLOUD-10693 - Ability to have issue level security in next-gen projects

For a specific scenario, we only used the JSM Issue Security with a Request Type.

Workaround Steps

Please follow the steps below to ensure your project is set up with the appropriate security measures. Don't worry—I'll guide you through the process!

Create a Security Scheme

• Set Up a Security Scheme:
  • You'll need to create a new security scheme for your project. This will help control who can view specific issues. For detailed guidance, please refer to the documentation on "Create an issue security scheme".
• Define Security Levels:
  • Single User: Create a security level that grants access to a specific agent who will handle the issue.
  • Reporter: Ensure the person who reported the issue can access it.
  • Additional Permissions: If you have any automation rules that automatically assign tickets to agents, it's important to include the following in your security levels to prevent any disruptions:
    • Group: Add atlassian-addons-admin
    • Project Role: Include atlassian-addons-project-access

Configure the Issue Type

• Add Security Level Field:
  • Navigate to the screen associated with the specific Issue Type that you will be using for your Request Type.
  • Include the "Security Level" field on this screen. This will allow you to apply the appropriate security settings to issues of this type.

Set Up the Request Type

Configure the Request Type:

• Add the "Security Level" field to the Request Type configuration.
• Set this field as "Hidden" on the customer portal to ensure it’s not visible to end users.
• Assign a preset value to the Security Level field, which corresponds to the security level you created specifically for this request type.

For more information on how to configure these steps, please refer to the video below: