Community
Products
Jira Software
Questions
Grant access to issue without access to project

Grant access to issue without access to project

Hi,

is it possible to grant a user access to a JIRA issue without granting the user access to the project page?

Currently we have some projects where we add users through a multi user custom field "Contributors" to access issues. This field was added to the "Browse projects" permission within the used project permission scheme to grant all users within this field access to the project/issue.

Now we add external users to our system and I don't want these projects to be visible to external users, but it seems that if there is a multi user custom field assigned to Browse Project permission, the project is visible to all users of the system, even if the user is not within this custom field in any issue.

Is there another way to grant access to specific issues without showing the existince of the project to everyone?

Thanks for any help or suggestions.

Henning

4 answers

1 accepted

0 votes

Answer accepted

Adding a multi user customfield affects Browse project permission, this is a known bug:

https://jira.atlassian.com/browse/JRA-29840

So, currently it's not possible without granting all users to view the project.

Thanks

Henning

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Henning,

Did you find any workarounds for this issue?

Thanks
John

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

No, it‘s still the same as 6 years ago.

Henning

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Zigmars Rozentals likes this

1 vote

This might be useful - https://confluence.atlassian.com/display/JIRA/Current+Reporter+Browse+Project+Permission

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks for the hint Renjith, unfortunately this is only for reporters and not for users in customfields.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

1 vote

Is there another way to grant access to specific issues without showing the existence of the project to everyone?

Yes. But you have to add the user to a project-role / group in the same step you add him to the customfield. (I'll descripe it for the Custom-Field "Reporter" to make it easier to understand for others, but it also works for other User/Group customfields.)

Lets say:

- Members should see the Project and all issues

- VisitorsFull should see the Project and own Issues

- VisitorsRestricted should NOT see that the Project exists.

Problem:

If you add the Reporter to "Browse Project" in the Permission Scheme, ALL Users can see the Project.

Solution:

So you have to restrict the visibility to some Roles/Groups in the Permission Scheme and restrict the visibility of the Issues with an "Issue Security Level" to "reporter":

Permission Scheme:

Browse Project: Members, VisitorsFull

Default Issue Security Level:

Browse Project: Members, Reporter

With this solution users who have access to some Issues still can see the project (but they see just their own Issues!) but other users who don't have access to some issues don't see the project at all. I think this is a good compromise.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

You still have to add the user to a ProjectRole that has the "Browse Project" Permission.

(you could automate this step)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks, but this doesn't work for me.

I have a customfield "Contributor", and added this to the default security level. If I add an issue with this security level, the user in "Contributors" are not allowed to access the issue.

Or do I miss something of your description?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I know this doesn't prevent "Contributors" to see the Project but other Users who are not in a ProjectRole with "Browse Project" Permission won't see the project anymore.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Ah, ok. But unfortunatly that's not what I needed, because every user is a potential "contributor".

But thanks for your answer.

Henning

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

1 vote

I am afraid you can't do that. Permissions can be used to restrict the visibility from a higher level.

For example, you can restrict projects even if global permissions are there. And you can restrict issues even if project permissions are there. The reverse is not possible. You can not give access to project if the user don't have global permissions. And you can't give access to issues if the user don't have project permission.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Ok, I understand.

But in reality, the user doesn't have access to the project as long as he/she is not added to the "Contributors" custom field. But regardless of that the project is already visible.

How determines JIRA the users who can see the project? If there is a (multi) user custom field within the browse project permission, all users can see the project?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Nope, only the people in that field. But note that you are still adding the custom field in the project permissions. When a user is in that field on an issue, he can see that issue and the project in which it belongs.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

That would be perfect for me but unfortunatly it's not the case... I created a user which don't have any personell or group project permissions and which is not noted in any of the Contributors custom fields and the user is still able to see the project with the Contributors custom field within the Browse Project permission (JIRA 4.4.5).

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

You mean your user is not in any of the permissions and is not in the custom field in any issues in that project but still able to see the project?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Exactly.

If I remove the custom field from the Browse project permission, the project isn't visible to the user.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Are you sure the user is not in any of the issues in that project? As a custom field value?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Yes, 100%. It's a new created user.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I guess you mean it is a newly created user custom field? That shouldn't happen. How will JIRA determine which user sees the project? The user details must be somewhere! Maybe you can attach a screenshot of the permission scheme?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

No, the user is new. The custom field already existed some time. Attached the screenshot of the project permissions.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Can you make sure the user is not in any of those project roles? And also run a jql to find issues where th custom field has that user name in it - just to make sure.

Raising a support case will be the next option ;)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I double-checked the project roles of this user, they are empty. And the JQL search results in no issues...

Ok, I'll raise a support issue.

Thanks for you help.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Products

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Grant access to issue without access to project

4 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events

Ask a question

Products

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Grant access to issue without access to project

4 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events