Hi Weeda - Welcome to the Atlassian Community!
You can do it but it is a little convoluted.
You would setup Issue Level Security for the project with the Epic. Then apply the Security Level to the Epic itself.
In the security level you would grant access to the all users basically so more than just the external user can see it.
However, you would need to change the permission scheme for every project to not allow all users to have the Browse Project permission.
If I have a Company Level instance of Jira I am working on setting up. And one of the requests is to have certain Vendors only have access to certain information, makes sense. My thinking was setting up Security Access at the EPIC or EPIC's level. My thinking to do this is that I see the benefit of all of IT eventually working in Jira and Project level work is killing us. The same resource on 3 Jira Project etc...Is there a better way to solve this? Or what is the best way to solve this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If they vendor can see all of the issues in a single project, then you can handle that with the Permission Scheme - only grant that permission to the vendor/user.
If they can see some issues on the project but not other issues, then you will have to do that with Issue Level Security. But you can't just set the security level on the Epic - it has to be on every issue under the Epic also.
Not sure that I am fully understanding the need/question though.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As a company that works with many vendors and I want to restrict as so that the vendor only focuses on their work and is unaware of other competing work so that Vendors do not get exposed to Secure content or Industry leading requirements comprising our cutting edge development activities.
AC:
Company setup in Jira to take advantage of Company instance features
Vendors restricted to their work
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would implement Issue Level Security with a default security level that does not let any vendors see the issue.
Then I would create a security level for each vendor and add the ability of that particular vendor do see the issues.
You can see more about how to implement Issue Level Security here:
https://confluence.atlassian.com/adminjiracloud/configuring-issue-level-security-776636711.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.