It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to allow a user to see specific tickets w/o issue security

If you don't want to use Issue security to restrict users to see tickets and also don't want all your users to see all tickets available in Jira, this article will help you achieve this.

By simply adding a user picker custom field in the permission "Browse Project" you can choose the ticket and the user that you want to share with.

 

1 - Create a custom field with the type "User Picker (multiple users)" and add to the project screen.

Screenshot 2018-08-14_17-26-20.png

2 - Go to the Project settings > Permission and add the custom field on Browse projects > User custom field value > Grant.

Screenshot 2018-08-14_17-28-51.png

Screenshot 2018-08-14_17-29-15.png

3 - Go to the ticket that you want to share with this user and click on Admin > Add field.

4 - After clicking on Edit field, on the next screen, you will type the users' name and Submit.

Screenshot 2018-08-14_15-14-47.png

Screenshot 2018-08-14_15-15-03.png

NOTES

  • Users must be added to the default group of the desired product, it means that they will count as a licensed one.
  • Users added to this field will be able to see all projects, but not the issues. They will only see the issue if you add their name.
  • If you want the user to comment on the ticket, then just add the same custom field on "Add Comments" permission as well.

 

Hope this helps!

If you have questions or feedback, please let us know.

7 comments

Fadoua Community Leader Sep 07, 2018

Very interesting! Thank you @Angélica Luz for this valuable information and a thank you to @Daniel Eads for sharing this post!

You're very welcome @Fadoua
I'm so glad that the article is helpful!

Regards,
Angélica

Does this approach make the project name (but not the issue details) visible to everyone, even if they are not logged in?

Hi @Matt Doar__ LinkedIn

Thank you for your question.

The name of the projects will be available only for internal users, those who are logged in.

This configuration does not make the project public, because when you add the name of the user (step 4) only this user will see the project list.

Regards,
Angélica

I remember now. When you have a set of users who are third party contractors and they are not supposed to see the names of any projects that they don't have access to (they don't have Browse Projects permission). Then adding a User Picker field to the Browse Projects permission allows them to see the project name (but still not the issues).

So if your project name or key is sensitive, this approach will leak that information to all authenticated users. Probably not a big deal in most cases but good to know. Unauthenticated users will not see any project information. Tested in Jira 8.0 EAP.

Hi @Matt Doar__ LinkedIn,

I know that it has been a while, but I was searching for something else and found a bug related to your concern about the projects' names and I would like to share here:

- https://jira.atlassian.com/browse/JRASERVER-34389
- https://jira.atlassian.com/browse/JRASERVER-31720

Regards,
Angélica

Exactly, thank you for adding them. Just one of those things it helps to know :)

Comment

Log in or Sign up to comment
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you