You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We have just migrated our JIRA to the new JIRA cloud version
Clients are in their own user group and when I give them permission to Browse projects and People in Global permissions they can @mention on issues BUT they also can go to the People Tab and search for all people and teams which is a Privacy issue.
There is no @mention permission on its own in the Global permissions it is tied to Browse.
So i have had to remove their permission on Browse as Privacy is a huge concern for any company these days - its data really.
Is there a way that I can let people @ mention people on their project without giving them extra access!
Surely someone clever has solved this before (and I am not technical).
I'm afraid Jira has a very flat user access scheme.
You can either see everyone, or you can't (and if you can't, you still can mention them, but you have to know their ids).
Although it's a flat yes-or-no, it would not make any sense to have "mention but can't browse" - if you don't want people to see the list of other people, they you absolutely don't want people to be able to get the list by typing things into a comment and seeing what the autocomplete gives back.
Thanks for taking the time to respond. I had hoped that clients could just @mention anyone that is assigned to their project and not see any other People tabs or people not related to their project.
With APRA regulations and tightening security I don't want clients to see any other client data even if it is just their name.
They LOVE the @mention feature though so hopefully maybe there will be something in the future that is locked down to project permissions.
I have just discovered this issue and it is impossible for me to accept as ok. Surely there must be a way in a project management tool such as Jira to not be forced to expose other client and developer information to each other but still allow them the absolutely necessary feature of tagging only other people in the project they have access to on tasks for easy communication.
Does anybody have guidance? Discovering that my clients can freely browse my other client's staff and development resources really knocked the wind out of me after years of trusting my Jira and Confluence environments for everything.
the issue is, that there are deployment scenarios, where this "openness" is not tolerable, e.g. from data privacy perspective, or simply from company policy perspective.
Example: Software supplier Awesome software Ltd offers a Jira installation to all their customers (B2B, no B2C). For every customer a separate project is being created where the following people can access
Now I want to enhance the user experience for the customer support staff allowing them to mention my staff in comments. This at the moment is only possible by granting them global permissions, which then would also allow them to see/browse people from support staff from other customers. But it is against my policy, that they get access to contact details for other customer's person, maybe I do not prefer to disclose whom my customers are, but maybe also other customers do not want to be disclosed.
That seems like quite a foolish policy to me - it tells me that you have no trust in your organisation.
But yes, Jira doesn't support your case, and I don't think it ever will. The improvement request you've got there won't be implemented in a way that solves your problem, if it ever makes it into the "yes, do this" list.
Customers can, if they are granted the global "browse users" permission. And this is required to "properly" use the "mention" functionality. Otherwise they need to manually enter the user in the comment box. With "properly" I mean here that it offers auto-completion for user name.
The ideal solution would be that the auto-completion only suggests users from the same project...
Ah, sorry, when you said "customers", I assumed you meant Service Management "customers".
You don't mean customers, you mean "people we are collaborating with in Jira".
"browse for people in the same project" simply isn't useful, and will never be implemented. Different end users have different definitions of "in the project", and it's too variable to be of much, plus it's damn hard to code for.
I think the best you'll ever get is something to do with "I can nominate people in my team" (which you can't define with groups because everyone is in a "can log in" group)
Why can a user without browse user permission still mention another user in a comment using the notation [~user.name], but the system doesn't send an email to the mentioned user? The mentioned user is known at that point. What does sending an email have to do with browsing users anymore?