Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,456,861
Community Members
 
Community Events
176
Community Groups

Is there a way to allow @mention without them being able to see All People?

Edited

We have just migrated our JIRA to the new JIRA cloud version

Clients are in their own user group and when I give them permission to Browse projects and People in Global permissions they can @mention on issues BUT they also can go to the People Tab and search for all people and teams which is a Privacy issue.

There is no @mention permission on its own in the Global permissions it is tied to Browse.

So i have had to remove their permission on Browse as Privacy is a huge concern for any company these days - its data really. 

Is there a way that I can let people @ mention people on their project without giving them extra access!

Surely someone clever has solved this before (and I am not technical).

Thank you!

2 answers

1 accepted

0 votes
Answer accepted

I'm afraid Jira has a very flat user access scheme.

You can either see everyone, or you can't (and if you can't, you still can mention them, but you have to know their ids).

Although it's a flat yes-or-no, it would not make any sense to have "mention but can't browse" - if you don't want people to see the list of other people, they you absolutely don't want people to be able to get the list by typing things into a comment and seeing what the autocomplete gives back.

Thanks for taking the time to respond. I had hoped that clients could just @mention anyone that is assigned to their project and not see any other People tabs or people not related to their project. 

With APRA regulations and tightening security I don't want clients to see any other client data even if it is just their name.

They LOVE the @mention feature though so hopefully maybe there will be something in the future that is locked down to project permissions.

I have just discovered this issue and it is impossible for me to accept as ok. Surely there must be a way in a project management tool such as Jira to not be forced to expose other client and developer information to each other but still allow them the absolutely necessary feature of tagging only other people in the project they have access to on tasks for easy communication. 

Does anybody have guidance? Discovering that my clients can freely browse my other client's staff and development resources really knocked the wind out of me after years of trusting my Jira and Confluence environments for everything. 

What "issue"?

Jira lets you share your issues, so everyone can see the problems.  What is wrong with "client A has a problem, not sure B does, but let's be open that they do"?

Hello Nic,

the issue is, that there are deployment scenarios, where this "openness" is not tolerable, e.g. from data privacy perspective, or simply from company policy perspective.

Example: Software supplier Awesome software Ltd offers a Jira installation to all their customers (B2B, no B2C). For every customer a separate project is being created where the following people can access

  • Account management from supplier
  • Technical support from supplier
  • Support staff from customer

Now I want to enhance the user experience for the customer support staff allowing them to mention my staff in comments. This at the moment is only possible by granting them global permissions, which then would also allow them to see/browse people from support staff from other customers. But it is against my policy, that they get access to contact details for other customer's person, maybe I do not prefer to disclose whom my customers are, but maybe also other customers do not want to be disclosed.

PS: it is also subject of this CR: JRASERVER-69026

That seems like quite a foolish policy to me - it tells me that you have no trust in your organisation.  

But yes, Jira doesn't support your case, and I don't think it ever will.  The improvement request you've got there won't be implemented in a way that solves your problem, if it ever makes it into the "yes, do this" list.

Hi Nic,

I guess there is a misunderstanding. From my organisation, which provides  the Jira instance, all users are open. But what I want to avoid is disclosing information, even contact information, between my customers. Neither nor do I want this.

Regards

Philip

Customers should never be able to see other users, so there's no actual problem here.

Customers can, if they are granted the global "browse users" permission. And this is required to "properly" use the "mention" functionality. Otherwise they need to manually enter the user in the comment box. With "properly" I mean here that it offers auto-completion for user name.

The ideal solution would be that the auto-completion only suggests users from the same project...

Ah, sorry, when you said "customers", I assumed you meant Service Management "customers".

You don't mean customers, you mean "people we are collaborating with in Jira".

"browse for people in the same project" simply isn't useful, and will never be implemented.  Different end users have different definitions of "in the project", and it's too variable to be of much, plus it's damn hard to code for.

I think the best you'll ever get is something to do with "I can nominate people in my team" (which you can't define with groups because everyone is in a "can log in" group)

Hi Nic,
Why can a user without browse user permission still mention another user in a comment using the notation [~user.name], but the system doesn't send an email to the mentioned user? The mentioned user is known at that point. What does sending an email have to do with browsing users anymore?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS

Atlassian Community Events