Issue security scheme and level

Ambica Seshasayee December 10, 2019

The requirement:

We have qualified a few issues across projects as secure issues which need to be seen only by the assignee and reporter of the issue. The projects' Security Scheme has a level created called "Secure" so that issues that are moved to that level have only assignee and reporter access.

However, since this configuration can only be done by a System Administrator(s), it is open to errors or vulnerabilities if the sys admins inadvertently add any additional users to this level. The assignee and reporter of the issues marked "Secure" wouldn't possibly be aware of more users being able to access their secure issue.

1. What's the best way to revert or disable any change to the "Secure" level by Sys Admins whose only users can be assignee and reporter?

2. How can assignee and reporter know who all can access their secure issue from the issue itself?

Thanks,

Ambica

1 answer

0 votes
John Funk
Community Leader
December 11, 2019

Hi @Ambica Seshasayee - You might try changing the Permission Scheme to not give Sys Admins wholesale access to those Projects. Use Project Roles for the Browse Projects values to limit who can see the projects. If a Sys Admin needs access to the project, he/she should be placed in a project role by name and not as the Administrators group.

For number 2, if only the Assignee and Reporter can see the issue based on the security scheme, then they already know who has access. 

That being said, we have created additional custom fields called Needs Access, Needs Access2, etc. The security scheme allows anyone in those fields to see the issue. But only people who can already see the issue can add people into those fields - you can't add yourself, for example. 

I hope that helps!
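
An added example, not part of the original thread and not Atlassian code: a periodic check that flags any member of the "Secure" level other than reporter, assignee and, optionally, the "Needs Access" user fields described in the answer. The export record shape (`level`, `holder_type`, `parameter`) and the sample rows are constructed for illustration and are not a Jira API format.

```python
import json

# Constructed sample export of security-level members (hypothetical record shape).
SAMPLE_EXPORT = json.dumps([
    {"level": "Secure", "holder_type": "reporter", "parameter": None},
    {"level": "Secure", "holder_type": "assignee", "parameter": None},
    {"level": "Secure", "holder_type": "userCustomField", "parameter": "Needs Access"},
    {"level": "Secure", "holder_type": "group", "parameter": "jira-administrators"},
    {"level": "Secure", "holder_type": "userCustomField", "parameter": "Watchers Extra"},
    {"level": "Internal", "holder_type": "projectRole", "parameter": "Developers"},
])

# Holders the level must contain, and user fields it may additionally contain.
REQUIRED_TYPES = frozenset({"reporter", "assignee"})
NEEDS_ACCESS_FIELDS = frozenset({"Needs Access", "Needs Access2"})


def is_expected(member, allowed_fields):
    """True if this member is one the level is supposed to grant access to."""
    if member["holder_type"] in REQUIRED_TYPES:
        return True
    return (member["holder_type"] == "userCustomField"
            and member["parameter"] in allowed_fields)


def audit_level(export_json, level="Secure", allowed_fields=NEEDS_ACCESS_FIELDS):
    """Return (unexpected_members, missing_required_types) for one level.

    Pass allowed_fields=frozenset() to enforce reporter and assignee only.
    """
    members = [m for m in json.loads(export_json) if m["level"] == level]
    unexpected = [m for m in members if not is_expected(m, allowed_fields)]
    present = {m["holder_type"] for m in members}
    missing = sorted(REQUIRED_TYPES - present)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_level(SAMPLE_EXPORT)
    for m in unexpected:
        print(f"UNEXPECTED on Secure: {m['holder_type']} {m['parameter']}")
    for t in missing:
        print(f"MISSING on Secure: {t}")
```

Run against a fresh export on a schedule and alert on any non-empty result, so a change to the level is noticed even though the reporter and assignee cannot see the scheme themselves.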
