Giving ability to be @ mentioned in a project's issues without letting them see all issues

Deleted user February 27, 2018

I'm trying to figure out how to allow all users in our jira system to be able to be referenced with @ mention option for a given project, but not allow them to see all issues in the project when browsing the project.

I have added the allusers group to the browse projects, which does allow all users to be mentioned, which is great. But, it also allows them to see all issues in read only mode, which I don't want. I though about using issue security but then if they can't see the issue they can't be mentioned in it.

Is there any combination of project permissions and issue security that will allow all users to be 'mentionable' without actually being able to see issue until they are mentioned in it?

Thanks,

Jay

1 answer

0 votes
Brant Schroeder
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 27, 2018

By default Jira does not provide a way to do this.  You can however use this free plugin - Jira Watcher Field.   It adds a new field type that you can use in permission schemes, Issue Security Schemes etc. It will make it possible to grant various access to watchers on specific tickets.

You will need to do the following:

  1. Create a new custom field based on the new field type added by the plugin. Name the field 'watchers'.
  2. Add this field to your edit and view screen. This will make it possible to add users that have no other permission to the issue in Jira. 
  3. In the plugin configuration you can tell Jira to accept watchers with no permissions.
  4. Add your custom field to the issue security scheme or project scheme.
  5. Test configuration. 

IMPORTANT - You need to add users to your custom field rather than to the built-in watcher field for this to work.  The plugin will synchronize the fields for you.

Deleted user February 27, 2018

Hi Brad,

My challenge is that I won't know what issues will need to have specific user permission until someone enters a comment with the @ username reference. The real thing I'm trying to accomplish is for people that don't have issue view rights to be mentioned in a comment and be notified and then just be able to view that specific defect.

I should also have mentioned that I'm on the cloud, and it looks like this has server support only.

What about the [~username] format, would that do the trick? It seems like there are a lot of close-but-no-cigar possibilities :(

Regards,

Jay

Brant Schroeder
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 27, 2018

Jay,
 I know you are trying to get to an @mention operation for security.  I don't know of a way other than watchers to make is so individuals can be added and see it once they are added to an issue but not have global read only access.  You are correct that this will only work server and not in the cloud.  

The [~username]  will point to a users profile and would not provide the functionality you are looking for.  Jira needs something for the permissions to be applied to and then that is what has to be modified in order for the permissions to take affect.  That is why the watchers solution works.  Sorry I do not have any better ideas than that.

Deleted user February 27, 2018

Hi Brent,

In looking at issue-level security, it seems that I can use custom fields to decide the users that get that permissions profile. It almost sounds like the free plugin, where the user can set the users via the UI and then jira would apply that permission level(view for example). it might be a 2 step process, add user to field, save it, then use the @ reference.  It seems a shame to have to add a user to the custom field then use the @ reference, but perhaps it would work. I'm off to give it a try, I'll report back!

Jay

Deleted user February 27, 2018

Hi Brant,

I'm sorry for my salutations, I just noticed I got your name wrong, twice!

Regards,

Jay

Deleted user February 28, 2018

I was able to achieve what I'm looking for, I think. I did the following:

1) At project level gave all users project browse permission

2) At issue level I set up a level that set view permissions off, unless a custom field had the user's userid in it

3) whenever a user(who already has edit permission on issue) wants to @ someone without view permission they just fill in custom field with that user's id and then permissions are granted that user which allows @ mentioning of that user.

This way nobody can see an issue until someone 'invites' them in by setting the custom field

The downside of course is that there has to be a core group of people with correct permissions that initially have to set the custom field, so it's not as flexible/open as just giving everyone browse access to the project. I'll give it a try and see if it's useful or not.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events