Default filters expose all issues - how can I manage the default out of the box filters
We have a project - utilizing the cloud abilities, we have 7 different groups connected to the main project.
Each group is not supposed to view the other group's issues.
Permissions are set for each group. this works fine
BUT JIRA CLOUD has default filters the expose everything to everyone
How can I restrict viewing through these filters. They bypass the permission schemes
I am not sure what you mean by "default" filters, but you can create and use any filters you would like and only share them with particular groups or project roles.
Can you provide some more information as to what you are trying to do? Or where you are using the filters
If all of the issues are on the same project, the only way you will be able to hide some issues from other users on the same project is to use Issue Level Security. You can find more information about how to implement that here:
Individual boards may use different filters - and those filters might be shared with different users. But that only applies to whether the users can see the boards or not - not the actual issues. So if they just create their own filter, they could see all of the issues.
The only around that is to use issue level security.
The issue security scheme exists - and is in use, very good in areas I can access.
I did not find a way to implement the security scheme on the default filters
The Dashboards and Other boards do not implement default filters, only filters I created. The default filter is supplied by Atlassian, can not see save, edited, removed....
Users should not see issues that they cannot see as a part of the security scheme - including the project level issues.
You can test by having the user run a filter for key = ABC-123
where ABC-123 is the key of an issue they should not see based on the security scheme. If they don't see it in the filter, they should not see it in the list of issues.
Individuals can only see issues that they have permissions to see. For example if Fred doesn’t have access to project tempo then any default filters that might include issues in that project will not be visible to Fred. However maybe you were seeing something different? If you could give some real examples of where you’re seeing problems I might be able to investigate this a bit further.
The permission scheme
1) in order to allow the users to view the project have the browse project permission,
2) all Boards, Dashboards are managed by filters that restrict displaying, only the correct group can view their issues,
3) there are default filters, supplied by Jira, when you create a new project these filters are not editable, nor can I hide them
4. the default filter displays all issues with no regard to the security level nor the permissions. it is attached herein.
TBH I am not using issue security but am quite surprised to hear that any filter default or otherwise would show issues to a user that stand in conflict with the security scheme.
@John Funk , you use security schemes I think? Are you seeing this behavior? If so this should be a bug that needs reporting.
Atlassian KNOWS THERE IS A PROBLEM:
"The Browse Project permission may make project details visible to all users in directories and while searching Jira
There’s a known issue when granting a User custom field value, Reporter, Current assignee, or Group custom field value the Browse Project permission. In these cases, a project becomes visible to any logged in user on your Jira site.
The issue is caused by an intentional design in Jira’s backed that couples the Browse Project and View issue permissions. We’re currently working to decouple these permissions."
Hello Community! We thoroughly enjoyed this just-for-fun conversation in the Jira Admin Group about what it's like to be a Jira Admin. For #JiraJuly, our talented designers created these graphics t...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events