How to allow a user to see specific tickets w/o issue security

Very interesting! Thank you @Angélica Luz for this valuable information and a thank you to @Daniel Eads for sharing this post!

You're very welcome @Fadoua
I'm so glad that the article is helpful!

Regards,
Angélica

Does this approach make the project name (but not the issue details) visible to everyone, even if they are not logged in?

Hi @Matt Doar__ LinkedIn, 

Thank you for your question.

The name of the projects will be available only for internal users, those who are logged in.

This configuration does not make the project public, because when you add the name of the user (step 4) only this user will see the project list.

Regards,
Angélica

I remember now. When you have a set of users who are third party contractors and they are not supposed to see the names of any projects that they don't have access to (they don't have Browse Projects permission). Then adding a User Picker field to the Browse Projects permission allows them to see the project name (but still not the issues).

So if your project name or key is sensitive, this approach will leak that information to all authenticated users. Probably not a big deal in most cases but good to know. Unauthenticated users will not see any project information. Tested in Jira 8.0 EAP.

Hi @Matt Doar__ LinkedIn,

I know that it has been a while, but I was searching for something else and found a bug related to your concern about the projects' names and I would like to share here:

- https://jira.atlassian.com/browse/JRASERVER-34389
- https://jira.atlassian.com/browse/JRASERVER-31720

Regards,
Angélica

Exactly, thank you for adding them. Just one of those things it helps to know :)

Hi Angelica,

This is an amazing solution 

thanks,

Sayan

Hello - This solution worked for what I needed to do. But why doesn't it send a notification to the user who's tagged?

Hi @Steven Slezak,

Welcome to the Community!

The user will receive a notification if you mention them in a comment, for example, but they won't receive a notification when you select them on the field you created. The field is a User Picker custom field the same as the Assignee field, but it doesn't have the same functionality, so the person won't be notified when you select them.

Kind regards,
Angélica

Hi @Angélica Luz 
Great article, it looks like the answer to my prayers. 
However I am getting stuck at step 1, and I am wondering if this approach works with the next gen projects?

Hello @Irene Ryan,

The steps apply only to classic (company-managed) projects. 

On next-gen (team-managed), it’s not possible to add a field to the permissions, and also, the available permissions on Project settings > Access don’t allow only “View” issues.

Kind regards,
Angélica

@Angélica Luz 

Is it normal that with this solution the user can see all tickets in the search bar like "last tickets" etc also from other projects?

Hi @André Borges,

Thank you for your question.

I tested the workaround again just to make sure I wasn’t missing something since Jira change a lot since I posted this article and with my test user I wasn’t able to view other tickets. It only shows tickets the user has access to.

If the user is seeing the tickets it means that a group they are part of was added to the permission scheme. Sometimes they can see the ticket, but if they click on it, they won’t be able to view the details.

Note that some permission schemes are shared between projects, so if a group the user is a member of was added to the Browse project permission and the other three projects use the same scheme, the user will be able to see all of them.

Thanks didn't know about how to do that.
It worked 👌👌

Thanks it's work, but is any option to automatization bettwen this custom field and "Request Participation" filed in service desk type project? I mean when i pick some users in first field, then i would like same people in second field.