is it possible to grant a user access to a JIRA issue without granting the user access to the project page?
Currently we have some projects where we add users through a multi user custom field "Contributors" to access issues. This field was added to the "Browse projects" permission within the used project permission scheme to grant all users within this field access to the project/issue.
Now we add external users to our system and I don't want these projects to be visible to external users, but it seems that if there is a multi user custom field assigned to Browse Project permission, the project is visible to all users of the system, even if the user is not within this custom field in any issue.
Is there another way to grant access to specific issues without showing the existince of the project to everyone?
Thanks for any help or suggestions.
I am afraid you can't do that. Permissions can be used to restrict the visibility from a higher level.
For example, you can restrict projects even if global permissions are there. And you can restrict issues even if project permissions are there. The reverse is not possible. You can not give access to project if the user don't have global permissions. And you can't give access to issues if the user don't have project permission.
Ok, I understand.
But in reality, the user doesn't have access to the project as long as he/she is not added to the "Contributors" custom field. But regardless of that the project is already visible.
How determines JIRA the users who can see the project? If there is a (multi) user custom field within the browse project permission, all users can see the project?
That would be perfect for me but unfortunatly it's not the case... I created a user which don't have any personell or group project permissions and which is not noted in any of the Contributors custom fields and the user is still able to see the project with the Contributors custom field within the Browse Project permission (JIRA 4.4.5).
Is there another way to grant access to specific issues without showing the existence of the project to everyone?
Yes. But you have to add the user to a project-role / group in the same step you add him to the customfield. (I'll descripe it for the Custom-Field "Reporter" to make it easier to understand for others, but it also works for other User/Group customfields.)
- Members should see the Project and all issues
- VisitorsFull should see the Project and own Issues
- VisitorsRestricted should NOT see that the Project exists.
If you add the Reporter to "Browse Project" in the Permission Scheme, ALL Users can see the Project.
So you have to restrict the visibility to some Roles/Groups in the Permission Scheme and restrict the visibility of the Issues with an "Issue Security Level" to "reporter":
Browse Project: Members, VisitorsFull
Default Issue Security Level:
Browse Project: Members, Reporter
With this solution users who have access to some Issues still can see the project (but they see just their own Issues!) but other users who don't have access to some issues don't see the project at all. I think this is a good compromise.
Thanks, but this doesn't work for me.
I have a customfield "Contributor", and added this to the default security level. If I add an issue with this security level, the user in "Contributors" are not allowed to access the issue.
Or do I miss something of your description?
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
@Rachel Wright (Jira Genie), @Billy Poggi (AUG NOVA, DC), and @Dana Jansen (Confluence Queen) are just some of the folks that lead one of the world's most active Atlassian User Group (AUG)....
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs