Limiting External Consultants View on a Single Project

JanaW
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 19, 2020

Use Case:  We have a consultant that works for a customer that is being loaned to us to help work on a sprint due to their expertise. They essentially will be working as a team member on a given project. We would like to "limit" their availability to only view certain stories in the project as we do not want to expose all the work we are doing to essentially our "customer".

Can this be accomplished? We are even open to exporting the acceptable stories to a confluence page and restrict their ability to actually access JIRA.

Any help would be appreciated. Thanks!

1 answer

1 accepted

0 votes
Answer accepted
Walter Buggenhout
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 19, 2020

Hi @JanaW ,

There are several ways to accomplish this.

One way is to implement issue-level security on your project. It basically adds an additional layer of security on your project that allows you to set visibility at issue level. Read more on how to configure this here. 

An alternative would be to add a user custom field to your project screens where that allows you to add the user to the issues he/she needs explicit access to. Then update your permission scheme to grant the necessary permissions based on that custom field:

Screenshot 2020-11-19 at 19.13.42.png

You'll have to grant several permissions this way though (browse project, assign issues, edit issues, comment, ... => everything necessary to be able to work) and - as the message in the above screenshot says: it has the unwanted effect that your project is suddenly exposed to any user of your Jira instance (not the issues, just the project name).

In terms of behaviour, the first option would probably require you to set the issue security to something like Internal only for all issues by default and you would need to set the security level to e.g shared externally for the exceptions. The second option allows you to do nothing specifically, just add the external user to those tickets he/she needs to see. And keep in mind that you potentially expose the project name to users that should actually not see it.

JanaW
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 23, 2020

Thank you very much!!!

Suggest an answer

Log in or Sign up to answer