For background. here is the setup we want (and did have working, up until recently):
We use Jira for internal issue/bug tracking and all our internal users can see can create/modify any tickets as needed (call them Internal Group).
We also work with an external company who also need to submit issues (call them External Group). For them, we want them to be able to create new issues, edit them, comment on them, etc. But we don't want them seeing all of the issues on a project. Only their own issues.
We were able to make this work by setting up a Permission scheme and an Issue Security scheme.
The Issue Security scheme we called "Private Issue Scheme"
It has one security level : Private (which is set to the default) and all our Internal users have access issues flagged as Private.
The Permission scheme is set up as a shared scheme across multiple projects where we need this, and we assign it to the projects as needed.
For the most part, the permissions are default, but the External users group only has permissions granted to:
Set Issue Security
Delete Own Comments
Edit Own Comments
Delete Own Attachments
What this resulted in was:
- issues created by users in the Internal group are given the issue security level of "Private" (which is the default, so even if an internal user forgot to set it, the issue would be set to private).
- issues created by users in the External group are given the issue security level of "None" because they didn't have access to the "Private" security level.
All of this worked well for about a year and a half (implemented jan21).
Sometime in the last month, Atlassian changed something within Jira. Now issues created by that External group are given the issue security level of "Private" when they create them. This immediately makes creator lose access to their new issue. This is obviously a problem for us.
Anyone out there have a similar setup and could offer any suggestions? I don't really care about sticking with setup if there is a better way to get what we want.