How to implement issue-level security per epic to restrict users from other organisations that we would be adding to our boards, but would want them to have visibility into epics needed by them only
You will not be able to create the issue security level directly against an organization. So you will need to be sure that the persons in the organization are in a project role for that project or a group. Then you can set up the issue security level against the project role or the group.
As Jira is highly customizable, a solution is to add the users from the other organization into a user group, so if you have a group for each organization, you'll be able to add a group to the issue level.
Adding users to the group would need to be done by your Jira administrator.
A working example:
Kindly let me know if you have further questions.
Indeed you can create roles as well as suggested by @Pramodh M
Please note that the roles will be available for project managers to use them in the entire instance. This can be a downside or could be the solution your are looking for.
But in the end, look at the documentation provided (https://support.atlassian.com/jira-cloud-administration/docs/configure-issue-security-schemes) and grant the group or role that fits your case the most.
For instance if I create a role say ABC org - would I be able to restrict their access to particular epics (previously created) and the stories within them only and not the entire project. If so please let me know how. I saw videos on limiting certain issue type to certain users only but they all showed new issue types being associated.
Yes, In the documentation are specified the steps to create and associate the Issue security level and adding members to a security level.
In essence, when an Issue (either epic or any issue type), has set an issue security level, in order for a user to see the issue, the user would need to have Browse permission on the project and also be a member on the issue security level in which the issue has been set.
In the issue I shared, the issue security levels are on the left and the possible members on the right.
If an issue is set to the level that was first shown, then only the following users/groups/project roles would be able to see it:
Kindly review and let me know if you have further questions.
So if the user/group has browse permission on the project , it is likely that they will have access to all other issues in the project? which is something I don't want.
In essence I need these external users to have access to just the epics/stories I need them to have access to. Will that be possible?
If a user has Browse project permission and there is no Issue Security set on the project, then the user will have access to all issues.
The Browse project permission is the minimum permission required for the user to see the issues, like a basic permission.
If the Issue Security is set on the project, then the user will have access to the issues that don't have any issue security level set (Depending on the configuration).
If the Issue Security is set on the project and all issues in the project have an issue security level set, then the user will see only the issues where the issue has configured access to the level where the user is member, meaning, the user would only see where the issue level is configured for the user to see.
Create roles and restrict the roles with specific security level by associating the issue security level scheme with the project
For a detailed guide, visit the documentation
Let me know if you have any query
Hello Atlassian Community! Feedback from customers like you has helped us shape and improve Jira Software. As Head of Product, Jira Software, I wanted to take this opportunity to share an update on...