Hi,
is it possible to grant a user access to a JIRA issue without granting the user access to the project page?
Currently we have some projects where we add users through a multi user custom field "Contributors" to access issues. This field was added to the "Browse projects" permission within the used project permission scheme to grant all users within this field access to the project/issue.
Now we add external users to our system and I don't want these projects to be visible to external users, but it seems that if there is a multi user custom field assigned to Browse Project permission, the project is visible to all users of the system, even if the user is not within this custom field in any issue.
Is there another way to grant access to specific issues without showing the existince of the project to everyone?
Thanks for any help or suggestions.
Henning
Adding a multi user customfield affects Browse project permission, this is a known bug:
https://jira.atlassian.com/browse/JRA-29840
So, currently it's not possible without granting all users to view the project.
Thanks
Henning
Hi Henning,
Did you find any workarounds for this issue?
Thanks
John
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, it‘s still the same as 6 years ago.
Henning
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This might be useful - https://confluence.atlassian.com/display/JIRA/Current+Reporter+Browse+Project+Permission
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the hint Renjith, unfortunately this is only for reporters and not for users in customfields.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is there another way to grant access to specific issues without showing the existence of the project to everyone?
Yes. But you have to add the user to a project-role / group in the same step you add him to the customfield. (I'll descripe it for the Custom-Field "Reporter" to make it easier to understand for others, but it also works for other User/Group customfields.)
Lets say:
- Members should see the Project and all issues
- VisitorsFull should see the Project and own Issues
- VisitorsRestricted should NOT see that the Project exists.
Problem:
If you add the Reporter to "Browse Project" in the Permission Scheme, ALL Users can see the Project.
Solution:
So you have to restrict the visibility to some Roles/Groups in the Permission Scheme and restrict the visibility of the Issues with an "Issue Security Level" to "reporter":
Permission Scheme:
Browse Project: Members, VisitorsFull
Default Issue Security Level:
Browse Project: Members, Reporter
With this solution users who have access to some Issues still can see the project (but they see just their own Issues!) but other users who don't have access to some issues don't see the project at all. I think this is a good compromise.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You still have to add the user to a ProjectRole that has the "Browse Project" Permission.
(you could automate this step)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks, but this doesn't work for me.
I have a customfield "Contributor", and added this to the default security level. If I add an issue with this security level, the user in "Contributors" are not allowed to access the issue.
Or do I miss something of your description?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I know this doesn't prevent "Contributors" to see the Project but other Users who are not in a ProjectRole with "Browse Project" Permission won't see the project anymore.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ah, ok. But unfortunatly that's not what I needed, because every user is a potential "contributor".
But thanks for your answer.
Henning
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am afraid you can't do that. Permissions can be used to restrict the visibility from a higher level.
For example, you can restrict projects even if global permissions are there. And you can restrict issues even if project permissions are there. The reverse is not possible. You can not give access to project if the user don't have global permissions. And you can't give access to issues if the user don't have project permission.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, I understand.
But in reality, the user doesn't have access to the project as long as he/she is not added to the "Contributors" custom field. But regardless of that the project is already visible.
How determines JIRA the users who can see the project? If there is a (multi) user custom field within the browse project permission, all users can see the project?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nope, only the people in that field. But note that you are still adding the custom field in the project permissions. When a user is in that field on an issue, he can see that issue and the project in which it belongs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That would be perfect for me but unfortunatly it's not the case... I created a user which don't have any personell or group project permissions and which is not noted in any of the Contributors custom fields and the user is still able to see the project with the Contributors custom field within the Browse Project permission (JIRA 4.4.5).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You mean your user is not in any of the permissions and is not in the custom field in any issues in that project but still able to see the project?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Exactly.
If I remove the custom field from the Browse project permission, the project isn't visible to the user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are you sure the user is not in any of the issues in that project? As a custom field value?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, 100%. It's a new created user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I guess you mean it is a newly created user custom field? That shouldn't happen. How will JIRA determine which user sees the project? The user details must be somewhere! Maybe you can attach a screenshot of the permission scheme?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, the user is new. The custom field already existed some time. Attached the screenshot of the project permissions.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you make sure the user is not in any of those project roles? And also run a jql to find issues where th custom field has that user name in it - just to make sure.
Raising a support case will be the next option ;)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I double-checked the project roles of this user, they are empty. And the JQL search results in no issues...
Ok, I'll raise a support issue.
Thanks for you help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.