You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Every project or team operates differently, even within the same organization. Customizing Jira ensures that you're capturing the right information, adhering to specific workflows, and facilitating collaboration processes efficiently for all users.
As a Jira admin, you play a pivotal role in harnessing the power of Jira and tailoring the tool to the specific needs of your users. One of the most critical aspects of administering Jira is to set up the right security and permission for appropriate access to data.
In this article, we’ll discuss security permission in Jira and how to implement it for different use cases.
Jira lets you control who can access and perform actions at the project to issue levels through permission schemes and issue security schemes. These schemes manage user access to issues and their visibility, but they don't offer fine-grained control over field values within an issue.
This configuration governs access to various functions and actions at both the project and issue levels. You can create and configure permission schemes that determine who has permission to edit or view issues. You can assign permission schemes to respective projects.
Tailor your permission schemes by assigning users and groups to project roles. You’ll need to define a new permission scheme and associate with the relevant projects, typically, similar projects would share the same scheme to avoid redundancy.
In this example, we’ve added the ‘HR Permission scheme’ for all projects within HR department. Particularly, only project admins and HR user group can perform specific actions, while other users can access them in read-only mode.
For team-manage projects, the access permission is applied to individual project.
While permission schemes manage broad access, issue security schemes allow you to restrict who can view specific issues or their details. This is particularly valuable when handling sensitive or confidential data.
You can configure security levels and associate them with specific issues. Users who don't have the necessary security level won't be able to see the restricted information.
From the Permissions configured in the example above, we can establish additional security levels to differentiate the user’s job role.
We’ve defined different access for HR Manager and Team Members as below:
So we can now limit issue access to only those who need to see sensitive HR information such as Contract issue type. Simply select the appropriate level when creating the issue:
However, this operates at the issue level and doesn't restrict access to individual field values within an issue.
Next, let’s talk about more issue customization & configuration for different layers of security requirements.
In Jira, you can also configure field-level security for custom fields. This allows you to restrict who can view or edit specific custom fields on an issue-by-issue basis. In some cases, this feature may require additional plugins or extensions.
Jira allows you to create custom fields to capture specific data. You can define the behavior of these fields, including whether they are mandatory or optional, and set default values. While this doesn't control access to the field, it does control its behavior, including whether the field is hidden or visible for a particular issue type.
Learn more: Specify field behavior | Atlassian Support
Another simple method is to associate custom fields with specific issue types, projects, or screens. This means you can control which fields appear on which issues, but this is primarily about customizing the user interface, not restricting access to field values.
Learn more: Edit a custom field context | Atlassian Support
Jira automation allows you to create rules that automate actions in response to various triggers. While you can't directly restrict access to field values, you can use automation to enforce rules such as changing a field value based on certain criteria or triggering actions when a particular field changes.
Depending on your specific requirements, you might find third-party apps for Jira that offer more advanced control over field-level permissions. These apps can extend Jira's capabilities and allow for fine-grained control over who can edit or view field values.
Marketplace search results for field-level security apps: Search for apps | Atlassian Marketplace
Typically, you can define a new custom field for your specific project and issue type and then, configure field permission accordingly. It will hide the field value from unauthorized users, while they can still see generic information about the issue.
For example, personal contact information of employee ticket:
While robust security measures are essential, it's equally crucial to balance security with usability. Overly restrictive permissions can hinder collaboration and productivity. Therefore, it's vital to regularly review and refine your security and permission configurations to ensure they align with your evolving project needs.
Do you have any tips that you'd like to share? I'd love to hear your thought in the comments!