Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Add watcher to issue security secured issue

Robin Peters
Robin Peters
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 5, 2017

Hello,

We are using the add watcher field (https://marketplace.atlassian.com/plugins/com.burningcode.jira.issue.customfields.impl.jira-watcher-field/versions#b156).

And we have a project secured by issue security schemes.

Is it possible to allow browse issues just to users that are in "watchers" role and to edit the watchers after creation?

In issue security scheme I could add "User Custom Field Value (Add Watcher)", but I cannot add new users to watchers. Everytime I try I get message "The user "ttester" does not have permission to view this issue. This user will not be added to the watch list." althought he has permissions to browse project. How can I setup such a configuration?

Best,

Robin

Answer
Watch
Like # people like this
5716 views

1 answer

1 accepted

5 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 6, 2017

Because you are using issue level security, you can't actually use the watcher field in order to grant this user access to that issue.   It's not project permissions that are preventing this, it's a limitation of the issue security.  But I think this is by design.

If you check out the Issue Level Security: Adding members to a security level, it explains that:

A security level's members may consist of:

  • Individual users
  • Groups
  • Project roles
  • Issue roles such as 'Reporter', 'Project Lead', and 'Current Assignee'
  • 'Anyone' (eg. to allow anonymous access)
  • A (multi-)user or (multi-)group picker custom field.

This doesn't permit you to use watchers to give security access specifically.  However what you could do is create a multi-user or multi group custom field, and have that custom field appear on this project.  From there you could change the issue level security to grant users access that are on that field.  From there you can manually edit that custom field for all the issues where you want to grant this user/group access.  

It is not as simple as using the watcher field would be, but this one way to be able to manage and adjust access to issues when using security levels in Jira.

View More Comments
Robin Peters
Robin Peters
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 16, 2017

This worked nice. Thank you.

Like
System Administration
System Administration March 6, 2019

This is silly and barely qualifies even as a workaround.  The big problem is that you cannot remove the existing watchers field, so adding a second one is going to cause confusion.

A watchers field is just a list of users, not fundamentally different from the custom user field you mentioned, so it seems like a huge oversight to not allow users to include watchers as a selectable group for other purposes.

Like # people like this
Brian McClung
Brian McClung May 28, 2019

I have to agree, that while this fulfills the ask, it's a terrible work around.  We encourage administrators to reduce fields as much as possible, not a duplicate field that already exists so that we can accommodate basic functionality.  @Andy Heinzer are there plans to fix this in future releases?

Like # people like this
Brian McClung
Brian McClung May 28, 2019

@Andy Heinzer I see this feature request: https://jira.atlassian.com/browse/JRASERVER-7663

And it has been marked as resolved, but I can't tell if it was fixed or just resolved as there's a work around.  Would it be possible to get clarification?

Thanks.

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 29, 2019

Hi Brian,

Technically that feature request was implemented and marked as resolved.  However I fear that the title is a bit more broad that what I think you are looking for here.  Before that request it wasn't possible to grant the watchers entity permissions at all in Jira.

However the original question here was in regards to using the watchers field as a means to restrict user visible content within a issue security scheme, not a permission scheme.  They are certainly related concepts, but technically these are different mechanisms within Jira.   As such I don't feel that JRASERVER-7663 applies to this particular case.

Instead I think the current feature request to watch for the original question is now JRASERVER-5982.  The issue is listed as gathering interest status.  There is not a clear time table for if or when it might come to Jira Server, but it is being tracked.

Andy

Like Brian McClung likes this
Brian McClung
Brian McClung May 29, 2019

Thank you for the response @Andy Heinzer !  I've added my vote to that issue!

Brian

Like
System Administration
System Administration May 29, 2019

The ticket you linked to is over FOURTEEN YEARS old.  I have voted for it as well but I am not going to hold my breath.

Like paulacruickshank likes this
Saskia Zeedijk
Saskia Zeedijk January 22, 2020

There is also another related ticket created for this missing functionality: https://jira.atlassian.com/browse/JRASERVER-45488.

Like
YJ Huang
YJ Huang June 5, 2023

I created a multi-user picker and a security level drop-down list with the following code:

/** Security Leve toggle event handler */
function toggleSecurityWatchers() {
var security_watchers = document.getElementById("customfield_12500");
var security_watchers_container = $('#customfield_12500_container');
var security_watchers_div = security_watchers_container.parent();
var security_select = $('#security');

function updateSecurityWatchersVisibility() {
var selectedOptionText = security_select.find("option:selected").text().trim();
security_watchers_div.toggle(selectedOptionText === 'Only visible for "Security Watchers"');
}

updateSecurityWatchersVisibility();

security_select.on('change', function() {
updateSecurityWatchersVisibility();
});
}

toggleSecurityWatchers();

 

Do you know the usage of the following code:

JIRA.bind(JIRA.Events.NEW_CONTENT_ADDED, function (event, $context, reason) {
    if (reason === JIRA.CONTENT_ADDED_REASON.pageLoad || reason === JIRA.CONTENT_ADDED_REASON.panelRefreshed) {
        setCommentPosition();
    }
});
And can we hide the “Security Watcher” field in the “People” section when the security level is not "Only visible for "Security Watchers”?
Thanks,
Jason
Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events