Get confirmation mail without ability to browse project

Kathrine Lauritzen September 3, 2014

I would like a reporter to receive an email when the ticket has been created, but they should not be allowed to browse the project. It seems that this is not possible - or is there a workaround?

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 3, 2014

No, that's by design - you are opening up a potential security leak if you do this, so Jira simply doesn't do it.

If you're sure you don't mind about leaking like this, then you can code around it - use the script-runner plugin if you don't want to write your own plugin, or look for the JETI plugin which allows this sort of hole to be opened.

Kathrine Lauritzen September 3, 2014

Thanks

It seems JETI is not available for OnDemand. Just out of curiosity: what is the potential security leak?

Nic Brough -Adaptavist-
September 3, 2014

Pretty much what it says on the tin.

If I put sensitive information into an issue in plain Jira, and I've got a permission scheme that says "only people in group X can see this project", then I've got a secure system - it won't email people outside group X with my sensitive information.

So, you install JETI and enable an email to someone outside your groups, or even outside your organisation. Then a user in group X innocently changes something on the issue, and bang, an unauthorised person has been sent your private information.


In most cases, it is, of course, absolutely fine to share information with a wider group. But Jira defaults to secure and non-leaky, and that's absolutely the right behaviour - you should only allow this after you have thought about it.

There are cases where installing something like JETI or writing a script that bypasses that and allows the leakage is not just a potential risk, but downright illegal because it enables the leaks. Just think about it before you do it.

Kathrine Lauritzen September 8, 2014

Hi Nic,

Thank you for elaborating :) I understand your arguments, and it makes perfect sense from a security perspective. It still leaves me with a real-life problem though.

My situation is that I have approximately 100 customers who on a regular basis create tasks that we are to solve, by sending in a ticket to Jira. In order for them to feel secure about sending their task to a system and not a personal email address, they need to receive an acknowledgement email telling them that a ticket has been created. We, on the other hand, need to know who reported the ticket in case we have questions. We use Jira to pick up on all e-mail communication going back and forth, to ensure we have all history in one place for future reference. We may also have internal communication on a ticket that we are not interested in sharing with the customer, and we don't want them to be able to change anything on the ticket after it has been created.

I have tried to translate our needs into these four user stories:

- As an external user, I want to receive an e-mail confirming that a ticket has been created, so I feel secure that the system has picked up my request
- As an internal user, I want to be able to see who created the ticket, so I can clarify any question I might have
- As an internal user, I want only I or my colleagues to be able to make changes, so I/we have full control at all times
- As an internal user, I want only I or my colleagues to be able to see the ticket, so I can add comments that my customer won't see

I am of course not interested in compromising the security, but these four needs are nevertheless the situation I am trying to resolve.
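The difference between the default behaviour and the bypass described in this answer, as an added example that is not part of the thread and is not Jira, ScriptRunner or JETI code: a small Python model of permission-filtered notifications, a bypass that skips the check on every event, and a creation-only receipt. The group membership, addresses, issue data and policy names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: the only holders of Browse Project ("group X").
GROUP_X = {"alice@corp.example", "bob@corp.example"}

@dataclass
class Issue:
    key: str
    summary: str
    reporter: str
    comments: list = field(default_factory=list)  # internal discussion

def can_browse(user):
    return user in GROUP_X

def full_body(issue):
    """A normal notification carries the whole issue, comments included."""
    return "\n".join([f"{issue.key}: {issue.summary}", *issue.comments])

def notify(issue, event, recipients, policy):
    """Return {recipient: body} for one event under the given policy."""
    if policy == "default":   # recipients without browse permission are dropped
        return {u: full_body(issue) for u in recipients if can_browse(u)}
    if policy == "bypass":    # permission check skipped, on every event
        return {u: full_body(issue) for u in recipients}
    if policy == "ack_only":  # default filtering, plus one fixed receipt on creation
        out = {u: full_body(issue) for u in recipients if can_browse(u)}
        if event == "created" and not can_browse(issue.reporter):
            out[issue.reporter] = (
                f"Your request was logged as {issue.key}: {issue.summary}")
        return out
    raise ValueError(f"unknown policy: {policy}")

def replay(policy):
    """Replay a constructed history; return every mail the external reporter got."""
    issue = Issue("SUP-1", "Printer offline", "customer@client.example")
    recipients = {issue.reporter, "alice@corp.example"}
    history = [("created", None),
               ("commented", "internal: customer contract expires soon")]
    inbox = []
    for event, comment in history:
        if comment:
            issue.comments.append(comment)
        mail = notify(issue, event, recipients, policy).get(issue.reporter)
        if mail:
            inbox.append(mail)
    return inbox

if __name__ == "__main__":
    for policy in ("default", "bypass", "ack_only"):
        print(policy, replay(policy))
```

The receipt contains only the issue key and the summary the reporter submitted, and is sent once, so later internal comments never reach the external address.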

0 votes
Simon Kegel //SEIBERT/MEDIA
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 3, 2014

Hey there,

If it's not possible with the notification scheme - use ScriptRunner and make a post-function to send a mail in the wanted transition (even create).

Post-function: send custom mail (can be sent under condition and without).
Or write your own scripted post-function.

Hope this is a valid solution for your doing. :)

Greets
Simon

Kathrine Lauritzen September 8, 2014

I can't see the post function "send custom email". Am I missing something?

Simon Kegel //SEIBERT/MEDIA
September 9, 2014

You have to install the ScriptRunner Plugin which I mentioned in the first sentence :)

https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner

This brings a whole bunch of new functions as well for other aspects - it's free so give it a try :)

Greets
Simon

Kathrine Lauritzen September 9, 2014

Yeah thanks, except - I'm on OnDemand:)
