It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Get confirmation mail without ability to browse project

Kathrine Lauritzen Sep 03, 2014

I would like a reporter to receive an email when the ticket has been created, but they should not be allowed to browse the project. It seems that this is not possible - Or is there a workaround?

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough [Adaptavist] Community Leader Sep 03, 2014

No, that's by design - you are opening up a potential security leak if you do this, so Jira simply doesn't do it.

If you're sure you don't mind about leaking like this, then you can code around it - use the script-runner plugin if you don't want to write your own plugin, or look for the JETI plugin which allows this sort of hole to be opened.

Kathrine Lauritzen Sep 03, 2014

Thanks

It seems JETI is not available for OnDemand. Just out of curiosity; What is the potential security leak?

Nic Brough [Adaptavist] Community Leader Sep 03, 2014

Pretty much what it says on the tin.

If I put sensitive information into an issue in plain Jira, and I've got a permission scheme that says "only people in group X can see this project", then I've got a secure system - it won't email people outside group X with my sensitive information.

So, you install JETI and enable an email to someone outside your groups, or even outside your organisation. Then a user in group X innocently changes something on the issue, and bang, an unauthorised person has been sent your private information.


In most cases, it is, of course, absolutely fine to share information with a wider group. But Jira defaults to secure and non-leaky, and that's absolutely the right behaviour - you should only allow this after you have thought about it.

There are cases where installing something like JETI or writing a script that bypasses that and allows the leakage is not just a potential risk, but downright illegal because it enables the leaks. Just think about it before you do it.

Kathrine Lauritzen Sep 08, 2014

Hi Nic Thank you for elaborating:) I understand your arguments, and it makes perfect sense from a security perspective. It still leaves me with a real life problem though. My situation is that I have app. a 100 customers that on a regular basis creates tasks that we are to solve, by sending in a ticket to Jira. In order for them to feel secure about sending their task to a system and not a personal email address they need to receive an acknowledgement email telling them that a ticket has been created. We on the other hand need to know who reported the ticket in case we have questions. We use Jira to pick up on all e-mail communication going back and forth, to ensure we have all history in one place for future reference. We may also have internal communication on a ticket that we are not interested in sharing with the customer and we don’t want them to be able to change anything on the ticket after it has been created. I have tried to translate our needs into these four user stories: As an external user I want to receive an e-mail confirming that a ticket has been created, so I feel secure that the system has picked up my request As an internal user, I want to be able to see who created the ticket, so I can clarify any question I might have As an internal user, I want only I or my colleagues to be able to make changes, so I/we have full control at all times As an internal user, I want only I or my colleagues to be able to see the ticket, so I can add comments that my customer won’t see I am off course not interested in compromising the security, but these four needs are nevertheless the situation I am trying to resolve.

0 votes

Hey there,

if it's not possible with the notification scheme - use ScriptRunner and make a post-function to send a mail in the wanted transition (even create).

Post-function: send custom mail (can be send under condition and without).
or write your own scripted post-function.

Hope this is a valid solution for your doing. :)

Greets
Simon

Kathrine Lauritzen Sep 08, 2014

I can't see the post function "send custom email" Am I missing something?

You have to install the ScriptRunner Plugin which I mentioned in the first sentence Lächeln :) https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner This brings a whole bunch of new functions as well for other aspects - it's free so give it a try Lächeln :) Greets Simon

Kathrine Lauritzen Sep 09, 2014

Yeah thanks, except - I'm on OnDemand:)

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Jira

Try Jira Cloud for Outlook: Organize your work without leaving your inbox

Hi Atlassian community, My name is Max and I work on the product integration team at Atlassian. I am pleased to announce the early access program for the Jira Cloud add-in for Outlook. This add-in...

834 views 0 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you