Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Access to view tickets internal user copied in on within a Private project

Kathryn Gerrell September 25, 2023

Hi.

I'm hoping someone can help with this.  I've recently created a new team managed project within my company for our Finance team to help them work more effectively/efficiently and give them transparency on types of issues being received.

The problem I'm experiencing is that because this is for our Finance team, they will be dealing with highly sensitive information therefore the project has to be set up as "Private", meaning only people who have specifically been given internal access (only Finance Team Members) can access this project. 

This is causing major issues when either an internal or external customer emails in a request to the Finance team and copies in (or sends direct and copy finance team in) an internal user who does not have access to the project as they do not receive any notifications advising of the issue being raised and cannot access that particular issue.  Finance team are also unaware that the reporter has copied in an internal person who may be required to work within the issue.

Does anyone know of any way I can get around this problem so we can enable view/add internal comment to any issue that an internal user has been copied in on, but does not allow them access to any other issue within the project?  

Thanks in advance!

1 answer

0 votes
Ste Wright
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 8, 2023

Hi @Kathryn Gerrell 

It might be useful to use 2 Projects for this - for example...

  • JSM: Front-door for the requests - users can make requests, and get updates from the Finance team
  • JSW: Private Project where Finance team action tickets

^ You could then do the following...

  • AutomationClone JSM Tickets into JSW Issues, and link the two - Automation could also pass comments or updates between the two issues as required

 


An alternative - or these could be used in JSM also - is to use an Issue Security Scheme

You could limit the visibility of each issue to the Finance team, the creator/reporter, and request participants. That way Finance could see all tickets, but the creator only sees the one they created.

Ste

Kathryn Gerrell October 9, 2023

Hi Ste,

Thanks for your comments.

I did try and look into whether I was able to restrict the view so that the Reporter was only able to see issues they had created and the same for Request Participants i.e. they can see the issue too, but I can't see how I can do this?

I'm looking in Issue Security Scheme, but I'm really struggling to understand exactly what would need updating for me to set this up.

Are you able to advise at all?

Thanks in advance

Kath

Ste Wright
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 9, 2023

Hi @Kathryn Gerrell 

This is how I'd do it with an Issue Security Scheme (with instructions on how to create one):

  1. Go to Settings > Issues
  2. Select Issue Security Scheme from the left-hand menu
  3. Using the "Add issue security scheme" button, create a new scheme
  4. Next, press the hyperlink "Security Levels" on the right-hand side, in line with your newly created scheme
  5. Add a security level - eg. Default Level
  6. Next, press the "Add" hyperlink the Actions column, in line with your newly created level
  7. Add "Reporter" to the level, along with access for the Finance team (eg. Group, Project Role, etc)
  8. Finally, press the hyperlink "Default" in the Actions column, to ensure this scheme is set for every created issue
  9. Assign the scheme to your Project

You could add additional security levels if needed - eg. a level just for Finance which hides the issue even from the creator.

Now - you can't add Request Participants to an Issue Security Scheme (there's a suggestion for it though, see JSDCLOUD-3948) - but I would...

  • Use Automation to copy the users into a separate field
  • Use that field in the Issue Security Scheme instead

Ste

Kathryn Gerrell October 23, 2023

Hi Ste,

Apologies for delay, I've been on annual leave.

Thank you for the steps you provided, I got as far as number 9 and I'm stuck!  Would you know if this can only be done in a Company managed project?  The project that requires this is Team managed and it just does not have a menu option of "Issue Security" within the project settings.

I'm a Jira Site Admin and I've even asked a Jira Org & Site Admin colleague and they also do not have this option in the relevant project settings menu.

Thanks

Ste Wright
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 19, 2023

Hi @Kathryn Gerrell 

Yes, you'd need to use Company-managed for this one.

The suggestion for allowing Issue Security Schemes in Team-managed is here, if you'd like to vote for it: https://jira.atlassian.com/browse/JSDCLOUD-8749

Ste

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events