Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,369,080
Community Members
 
Community Events
168
Community Groups

How to set up security on an issue type and/or request type basis

We launched a service desk project for our company. We have a set of request types for creating and editing user accounts. Sometimes the information entered is sensitive and we don't want all of our agents able to see the queue or the tickets related. I was doing some reading on some sort of issue security scheme thing, but I don't understand it. 

Could someone help me understand how I could secure these types of tickets? 

1 answer

1 accepted

4 votes
Answer accepted

Hey Andrea, 

Are you looking for all tickets of that specific type to be restricted? If so, you can use issue security levels on those specific request types. It essentially adds another layer of permissions on top of the already existing "Browse Project" permissions. 

Here's how it works: 

Type the "." button to pop up the administration searcher and type in "Issue Security Schemes".

Screen Shot 2019-03-04 at 8.31.16 PM.png

Add a new scheme. 

Inside of the scheme, add new security levels. In each security level, you can define WHO will have the permissions to see that ticket if this security level is set. You could have one security level that is open to all of your agents if you decide a ticket doesn't need to be secure.

Navigate to your service desk project. Add the Issue security scheme to your project. 

 

Screen Shot 2019-03-04 at 8.35.35 PM.png

Make sure that you have added the field "Security Levels" to the create screen that belongs to the issue type backing the request you want to set security on. 

In my case, I am trying to make all the requests of type "Private Request" restricted to only project role admins. So I need to make sure that Security level is on the create screen for the "Support" issue type. 

Screen Shot 2019-03-04 at 8.37.36 PM.pngOnce you ensure that the Security level field is on your screen, click the "Edit fields" button and add "Security Level". You'll need to set a value for the field since you cannot allow customers to set the security level. 


This will allow certain request types to come in with a restricted set of permissions. If the tickets do not need to be secure, you can always open them back up 

Does this make sense? 

Thanks!

Kian

Thank you! This was exactly what I was looking for! 

Andrea, 

 

Glad I could be of help!

Thanks, 

Kian

Ok, so I think I have this set, but it's not working..... here's what i did:

1) created a group in the user admin area of Jira. Added IT specific members

2) created the security scheme as you described

3) added the security level field to the create screens (there are 2)

4) edited that field to be to the security level I created with the IT group

 

Then, I logged in as a user who has access to service desk as an agent but who is NOT in my group that I assigned to the security level in the scheme. They can still see these tickets. :(  

I'm really new at this and certain I must have missed a step. 

Could you provide screenshots of your ticket and the configurations you set up?

The pics follow the process I did...

  • In Jira Settings, I went to User management. In here, I created a new Group called Nasco-IT-Agents. In the Nasco-IT-Agents group I added the people who should have the ability to see/edit these tickets.

group setup.png

  • Next, I went to Jira Settings, chose Issues, and then Issue Security Schemes. Here I created a scheme called User Account Security.

issue security scheme.png

  • I added 2 security levels. The first called Access-Account-Setup with the group of Nasco-IT-Agents assigned to it. The second called Non-IT I attached the project role called Service Desk Team.

issue security scheme details.png

  • Next I went to Jira Issue Settings, Screens and found the Configure screen for the create screen for the SD project. Here, I added the field called Security Level to the General Tab (we have multiple tabs in our tickets.

issue settings config screen.png

  • Next I went to the project, settings, Issue Security. I added the User Account Security scheme I set up.

project settings issue security.png

  • I then went to the request types area, selected user accounts, edited the fields for both of the screens I wanted to set the access for and added the security level field and set it to Access-Account-Setup.

project settings request types.pngproject settings request types field setting.png

Like Sue Lund likes this

Can you confirm that on the issue you created the "Security level" is set? 

If so, what is is set to? 

Thanks, 

 

Kian

Oh man, I think I must not have hit SET when I added it to the create screen. I went in and there was nothing. So I went back tot he create screen and added the security level field, set it (correctly this time) and created another new ticket..... and now it works. Human error on my part. 

I'm good to go now. 

Thank you very much for your help!

Like Miriam Hopton likes this

Andrea, If this was helpful, please accept the answer (this would be #100!)

Thanks, 

Kian

Like Andrea Landwehr likes this

I also wanted to implement this solution to restrict a certain issuetype.

But when I reach the final step (Set the value for the security level), it keeps saying "None".

I followed al the steps above, what am I missing?

Hello @Jacoline Melis , if you haven't resolved this, I had a similar problem and I found out you can solve this problem by adding yourself to the group you set into the security scheme or you add administrator gorup to the security scheme. This will give yu the ability to set the security value.

Like Alan Bruce likes this

Thanks a ton PucciG! Saved me a bunch of troubleshooting time.

@Andrea Landwehr   - Your step by step info was great.  I was able to create a form with permissions that work exactly as needed.  Thank you for all that detail.

Thanks for confirming that the customer cannot set the security level - I wanted to allow this and could not figure out why it was so hard.

That said, it would be great if we could allow the customer to set the security level; we usually don't need our tickets hidden, but sometimes we have confidential requests. At the moment, the only solution I see is to treat everything as high security until cleared by the customer, which is not quite ideal.

@Juli Talvensaari, I believe you could create a new request type with that specific security level applied? 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events