We are using Jira Data Center Version, one of our requirements are following
Within a Jira Project we need to give access to External users but at the same time restrict what they can and cannot see
There are 3 key players here
- External users 1
- Internal users
- External users 2
1. External users 1 should ONLY see Jira issues that they ONLY create
2. Internal users will always see any issues created by any users
3. Internal users has an ability to make any issues visible to External users (both External users1 & 2)
How would this be done?
You need to grant browse permission to everyone but create a security level scheme with 1 level.
Let say Restricted, configure it with Reporter, Group (group that have all your internal users or role), User Picker Custom Field (Participants for instance)
By doing so anyone that create an issue can see it internal or external, if you are internal you can see all of them. If anyone add a user to the user picker field they will be able to see it.