Get confirmation mail without ability to browse project

I would like a reporter to receive an email when the ticket has been created, but they should not be allowed to browse the project. It seems that this is not possible - or is there a workaround?

2 answers

1 accepted

Accepted Answer
0 votes

No, that's by design - you are opening up a potential security leak if you do this, so Jira simply doesn't do it.

If you're sure you don't mind about leaking like this, then you can code around it - use the script-runner plugin if you don't want to write your own plugin, or look for the JETI plugin which allows this sort of hole to be opened.

Thanks

It seems JETI is not available for OnDemand. Just out of curiosity: what is the potential security leak?

Pretty much what it says on the tin.

If I put sensitive information into an issue in plain Jira, and I've got a permission scheme that says "only people in group X can see this project", then I've got a secure system - it won't email people outside group X with my sensitive information.

So, you install JETI and enable an email to someone outside your groups, or even outside your organisation. Then a user in group X innocently changes something on the issue, and bang, an unauthorised person has been sent your private information.


In most cases, it is, of course, absolutely fine to share information with a wider group. But Jira defaults to secure and non-leaky, and that's absolutely the right behaviour - you should only allow this after you have thought about it.

There are cases where installing something like JETI or writing a script that bypasses that and allows the leakage is not just a potential risk, but downright illegal because it enables the leaks. Just think about it before you do it.

Hi Nic, thank you for elaborating :) I understand your arguments, and it makes perfect sense from a security perspective. It still leaves me with a real-life problem though.

My situation is that I have approx. 100 customers who on a regular basis create tasks that we are to solve, by sending in a ticket to Jira. In order for them to feel secure about sending their task to a system and not a personal email address, they need to receive an acknowledgement email telling them that a ticket has been created. We, on the other hand, need to know who reported the ticket in case we have questions. We use Jira to pick up on all e-mail communication going back and forth, to ensure we have all history in one place for future reference. We may also have internal communication on a ticket that we are not interested in sharing with the customer, and we don't want them to be able to change anything on the ticket after it has been created.

I have tried to translate our needs into these four user stories:

As an external user, I want to receive an e-mail confirming that a ticket has been created, so I feel secure that the system has picked up my request.
As an internal user, I want to be able to see who created the ticket, so I can clarify any question I might have.
As an internal user, I want only me or my colleagues to be able to make changes, so I/we have full control at all times.
As an internal user, I want only me or my colleagues to be able to see the ticket, so I can add comments that my customer won't see.

I am of course not interested in compromising the security, but these four needs are nevertheless the situation I am trying to resolve.

Hey there,

If it's not possible with the notification scheme - use ScriptRunner and make a post-function to send a mail in the wanted transition (even create).

Post-function: send custom mail (can be sent under condition and without).
Or write your own scripted post-function.

Hope this is a valid solution for your doing. :)

Greets
Simon

I can't see the post function "send custom email". Am I missing something?

You have to install the ScriptRunner Plugin which I mentioned in the first sentence :)

https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner

This brings a whole bunch of new functions as well for other aspects - it's free so give it a try :)

Greets
Simon

Yeah thanks, except - I'm on OnDemand:)
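
An added example, not code posted by anyone in this thread: a scripted post-function of the kind suggested above, written so the acknowledgement cannot carry the internal data the accepted answer warns about. It assumes a self-hosted Jira with ScriptRunner installed and a default SMTP server configured; the mail wording is made up for illustration. Because it is attached only to the Create transition, later edits by internal users send nothing to the reporter.

```groovy
// Added example: ScriptRunner post-function for the Create transition.
// Place it after the built-in "Creates the issue originally" step so that
// issue.key is already assigned.
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.mail.Email

// 'issue' and 'log' are bound by ScriptRunner in post-function scripts.
def to = issue.reporter?.emailAddress
if (!to) {
    log.warn("No reporter e-mail on ${issue.key}; acknowledgement not sent")
    return
}

def mailServer = ComponentAccessor.mailServerManager.defaultSMTPMailServer
if (!mailServer) {
    log.warn("No SMTP server configured; acknowledgement for ${issue.key} not sent")
    return
}

// The summary came from the reporter, so echoing it back discloses nothing
// new. Strip CR/LF before it is placed in the Subject header.
def summary = (issue.summary ?: "").replaceAll(/[\r\n]+/, " ").trim()

// Fixed template (constructed wording): no description, comments, assignee,
// custom fields or links into the project the reporter cannot browse.
def body = """\
Your request has been received and registered as ${issue.key}.

Summary: ${summary}

Please quote ${issue.key} in any further e-mail about this request.
"""

def email = new Email(to)
email.setSubject("[${issue.key}] Request received: ${summary}".toString())
email.setMimeType("text/plain")
email.setBody(body.toString())
mailServer.send(email)
```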
