Black projects setting a security scheme

Dconte May 16, 2013

Greetings,

Is it possible to create a security scheme for black projects that not even the Sysadmin can see?

It is critical to either mask fields, for hide the data, or simply if you are not a member of a restricted group you can't get access without a password?

Thanks,

dc

4 answers

1 accepted

0 votes
Answer accepted
Daniel Wester
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 20, 2013

Like Nic said - you can't. JIRA's security model is based on opt-in - not exlusionary. That said you could have your sysadmins log in as sysadmin-bob, sysadmin-harvey etc instead of using their 'normal' accts of bob and harvey. That seperation of duties might help some.

0 votes
Dconte May 20, 2013

I am the SysAdmin, and I believe I found a way through that will satisfy my security folks, thanks for the feedback and promopt replies.

0 votes
Dconte May 20, 2013

Perhaps I will write plugin to address this requirement

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 20, 2013

I don't think you can.

I think you can write something that will block or hide data from admins (although I suspect you might find it quite difficult). But, as an admin, I can disable or remove plugins...

I think you'll need to tweak the core code to stop admins from being able to see it and remove it, and of course, you then have the issue that your admins won't be able to support the system because you've blocked them.

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 16, 2013

No, Jira doesn't do any of these things. Specifically answering your two questions:

You CAN set a security scheme which doesn't include system administrators, that's quite simple - just leave them out. However, as system administrators, by definition, they have access to the security scheme and the rights to change it, and/or their own profiles to let them in.

Security schemes hide the entire issue based on an arbitrary "level". Permission schemes hide entire issues or projects on a more generalised basis. (The difference is a permission scheme says things like "only group X", "only assignee", or, for advanced cases, "only the person who reported the issue". Security schemes do it by "on;y group Y can see issues with security level Z"). However, there are no field-level permissions, and no password protections.

Suggest an answer

Log in or Sign up to answer