Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Default security level for users without permission, or access tiers

For background. here is the setup we want (and did have working, up until recently):

We use Jira for internal issue/bug tracking and all our internal users can see can create/modify any tickets as needed (call them Internal Group).
We also work with an external company who also need to submit issues (call them External  Group). For them, we want them to be able to create new issues, edit them, comment on them, etc. But we don't want them seeing all of the issues on a project. Only their own issues.

We were able to make this work by setting up a Permission scheme and an Issue Security scheme.

The Issue Security scheme we called "Private Issue Scheme"
It has one security level : Private (which is set to the default) and all our Internal users have access issues flagged as Private.

The Permission scheme is set up as a shared scheme across multiple projects where we need this, and we assign it to the projects as needed.

For the most part, the permissions are default, but the External users group only has permissions granted to:
Browse Projects
Create Issues
Edit Issues
Set Issue Security
Add Comments
Delete Own Comments
Edit Own Comments
Create Attachments
Delete Own Attachments

What this resulted in was:
- issues created by users in the Internal group are given the issue security level of "Private" (which is the default, so even if an internal user forgot to set it, the issue would be set to private).

- issues created by users in the External group are given the issue security level of "None" because they didn't have access to the "Private" security level.

All of this worked well for about a year and a half (implemented jan21).

Sometime in the last month, Atlassian changed something within Jira. Now issues created by that External group are given the issue security level of "Private" when they create them. This immediately makes creator lose access to their new issue. This is obviously a problem for us.

Anyone out there have a similar setup and could offer any suggestions? I don't really care about sticking with setup if there is a better way to get what we want.



1 answer

I found a solution using an automation rule

  • When an issue is created
  • And the user is in the External group
  • Set the security level to nothing (none)

Suggest an answer

Log in or Sign up to answer
Site Admin

Atlassian Community Events