We launched a service desk project for our company. We have a set of request types for creating and editing user accounts. Sometimes the information entered is sensitive and we don't want all of our agents able to see the queue or the tickets related. I was doing some reading on some sort of issue security scheme thing, but I don't understand it.
Could someone help me understand how I could secure these types of tickets?
Hey Andrea,
Are you looking for all tickets of that specific type to be restricted? If so, you can use issue security levels on those specific request types. It essentially adds another layer of permissions on top of the already existing "Browse Project" permissions.
Here's how it works:
Type the "." button to pop up the administration searcher and type in "Issue Security Schemes".
Add a new scheme.
Inside of the scheme, add new security levels. In each security level, you can define WHO will have the permissions to see that ticket if this security level is set. You could have one security level that is open to all of your agents if you decide a ticket doesn't need to be secure.
Navigate to your service desk project. Add the Issue security scheme to your project.
Make sure that you have added the field "Security Levels" to the create screen that belongs to the issue type backing the request you want to set security on.
In my case, I am trying to make all the requests of type "Private Request" restricted to only project role admins. So I need to make sure that Security level is on the create screen for the "Support" issue type.
Once you ensure that the Security level field is on your screen, click the "Edit fields" button and add "Security Level". You'll need to set a value for the field since you cannot allow customers to set the security level.
This will allow certain request types to come in with a restricted set of permissions. If the tickets do not need to be secure, you can always open them back up
Does this make sense?
Thanks!
Kian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Andrea,
Glad I could be of help!
Thanks,
Kian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, so I think I have this set, but it's not working..... here's what i did:
1) created a group in the user admin area of Jira. Added IT specific members
2) created the security scheme as you described
3) added the security level field to the create screens (there are 2)
4) edited that field to be to the security level I created with the IT group
Then, I logged in as a user who has access to service desk as an agent but who is NOT in my group that I assigned to the security level in the scheme. They can still see these tickets. :(
I'm really new at this and certain I must have missed a step.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Could you provide screenshots of your ticket and the configurations you set up?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The pics follow the process I did...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you confirm that on the issue you created the "Security level" is set?
If so, what is is set to?
Thanks,
Kian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Oh man, I think I must not have hit SET when I added it to the create screen. I went in and there was nothing. So I went back tot he create screen and added the security level field, set it (correctly this time) and created another new ticket..... and now it works. Human error on my part.
I'm good to go now.
Thank you very much for your help!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Andrea, If this was helpful, please accept the answer (this would be #100!)
Thanks,
Kian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I also wanted to implement this solution to restrict a certain issuetype.
But when I reach the final step (Set the value for the security level), it keeps saying "None".
I followed al the steps above, what am I missing?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Jacoline Melis , if you haven't resolved this, I had a similar problem and I found out you can solve this problem by adding yourself to the group you set into the security scheme or you add administrator gorup to the security scheme. This will give yu the ability to set the security value.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Andrea Landwehr - Your step by step info was great. I was able to create a form with permissions that work exactly as needed. Thank you for all that detail.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for confirming that the customer cannot set the security level - I wanted to allow this and could not figure out why it was so hard.
That said, it would be great if we could allow the customer to set the security level; we usually don't need our tickets hidden, but sometimes we have confidential requests. At the moment, the only solution I see is to treat everything as high security until cleared by the customer, which is not quite ideal.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Juli Talvensaari, I believe you could create a new request type with that specific security level applied?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I want to associate a security level with an issue type in JWM in the cloud and am yet to find the instructions for this. Who's going to share them?
I've associated it with a project. (It were enough if I limited the project to an issue type. I have found no reason to do this.)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.