It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Black projects setting a security scheme

Dconte May 16, 2013


Is it possible to create a security scheme for black projects that not even the Sysadmin can see?

It is critical to either mask fields, for hide the data, or simply if you are not a member of a restricted group you can't get access without a password?



4 answers

1 accepted

0 votes
Answer accepted
Daniel Wester Community Leader May 20, 2013

Like Nic said - you can't. JIRA's security model is based on opt-in - not exlusionary. That said you could have your sysadmins log in as sysadmin-bob, sysadmin-harvey etc instead of using their 'normal' accts of bob and harvey. That seperation of duties might help some.

0 votes
Nic Brough [Adaptavist] Community Leader May 16, 2013

No, Jira doesn't do any of these things. Specifically answering your two questions:

You CAN set a security scheme which doesn't include system administrators, that's quite simple - just leave them out. However, as system administrators, by definition, they have access to the security scheme and the rights to change it, and/or their own profiles to let them in.

Security schemes hide the entire issue based on an arbitrary "level". Permission schemes hide entire issues or projects on a more generalised basis. (The difference is a permission scheme says things like "only group X", "only assignee", or, for advanced cases, "only the person who reported the issue". Security schemes do it by "on;y group Y can see issues with security level Z"). However, there are no field-level permissions, and no password protections.

0 votes
Dconte May 20, 2013

Perhaps I will write plugin to address this requirement

Nic Brough [Adaptavist] Community Leader May 20, 2013

I don't think you can.

I think you can write something that will block or hide data from admins (although I suspect you might find it quite difficult). But, as an admin, I can disable or remove plugins...

I think you'll need to tweak the core code to stop admins from being able to see it and remove it, and of course, you then have the issue that your admins won't be able to support the system because you've blocked them.

0 votes
Dconte May 20, 2013

I am the SysAdmin, and I believe I found a way through that will satisfy my security folks, thanks for the feedback and promopt replies.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Jira Software

How to prevent the propagation of unused project schemes, workflows & screens in Jira software

Atlassian ranks project attributes as the third most important factor impacting performance in the category of data. It’s not surprising, since project attributes are precisely the rules used to ma...

1,337 views 1 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you