How does exactly issue level security work?

Balázs Bogda March 8, 2018

Hi,

I've a customer project that will be handled over to the customer for UAT. It means that I'll invite the customer to join JIRA to execute its tests there. Now, I don't wanna create a new project only for that sole purpose and I also don't want to show them the issues we've worked on until the hand over. I would like to show only the ones that concerns them (are created by their individual users, under the same role).
What is the best way of doing it? Is issue lever security a tool for that?

Thanks in advance,
Balázs

4 answers

1 accepted

16 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 8, 2018

You can do it with issue security schemes.   The most simple way to explain it is an example:

Create a security scheme with these three levels and their settings:

  • Private.  Role A, Role B, Role C
  • Confidential:  Role B, Role C
  • Classified:  Role C

Apply that to a project where Roles A, B, C and D all have "browse project".

On each issue, you can set the security level to "empty", or one of the three I've definied above.  Empty means A, B, C and D can see the issue.  Private effectively stops D seeing it, Confidential means only B and C, and Classified blocks all but C.

BUT.  If you really mean "I only want the Client Reporter and my internal Developers to see an issue", then just set "Browse = Reporter, Role:Developers".  You don't need security schemes to do that any more (You used to, or you could use the better option of "reporter browse", but "Browse: Reporter" has been fixed to meet expectations in later versions of Jira)

Test March 8, 2018

Hi Nic Brough [Adaptavist],
thanks for your quick answer. I got to the point where I set up the security levels, but don't know exactly how that works on the issues itself. At the moment, when I create (administrator role, that has permission to  Set Issue Security) an issue I don't see this security level field, however on the screen configured for my project, it is on the field tab. How does that work?
Thanks again,
Balázs

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 8, 2018

The create, edit, view and transition screens are separate entities (although they can be shared).  It sounds like you have everything right for "edit" ("level" field on screen, set scurity permission), but it's not on the Create screen.

Go to the project settings and drill down through the "issue type screen scheme" until you land on "create"

Like Riptide Helpdesk likes this
Balázs Bogda March 9, 2018

Hi Nic,

I'm finally ready with the full set-up. The only missing point was that I forgot to attach the security level scheme to the project itself. I've created it, everything was ready, but this little step was missing :)
I'm now in full control, migrated the old tickets to have the necessary security level value, created a separate board for the customer and also restricted its right only to that board.
Once again, thank you very much for you support and help.

Kind regards,
Balázs

1 vote
Scott McDonald June 2, 2022

This is for all the issue types in one project, correct?  Are we able to limit the security to just one issue type?

StephanieC April 27, 2023

Im searching for this answer as well... we would prefer to lock down certain issue types in one project so we dont accidentally forget to set issue security just on those issues! 

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 27, 2023

Security levels are set at the project level, not issue type.

1 vote
Adrián Plaza [DEISER]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 8, 2018

Hi @Balázs Bogda,

 

Yes, the issue-level security can work fine, you can find all the information about the issue security level here: 

https://confluence.atlassian.com/adminjiraserver/configuring-issue-level-security-938847117.html

 

Regards,

Adrián.

Test March 8, 2018

Hi @Adrián Plaza,
I've seen that documentation and I'm here for the missing part ;-)
Thx, Balázs

Adrián Plaza [DEISER]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 8, 2018

Hi @Test,

 

The Security Level field has been hidden on purpose, please see the limitations of doing so in Hiding or showing a field.

You need to enable/show the field in the field scheme, you can finde more information here: https://confluence.atlassian.com/adminjiraserver073/specifying-field-behavior-861253403.html#SpecifyingFieldBehavior-Hidingorshowingafield

 

Regards,
Adrián.

Like Dmitry Zorin likes this
Balázs Bogda March 9, 2018

Hi Andrián,

On my default screen schemes this field was not hidden. I had some difficulties with the set-up itself, but now it has been solved. Thanks for your comments and shared links.

Kind regards,
Balázs

0 votes
Hartej Arora June 7, 2019

Hi everyone,

Sorry for commenting on an old post but I have a couple of questions in regards to how the Issue Security is configured

1) Does the browse project permission override the issue security?

2) Are people with global administrator rights able to bypass issue security?

 

Thanks & regards,

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 7, 2019

No problem - your follow-up question is still relevant to the topic.

1) No.  It is more the other way around.  The "browse project" permission tells us who can see all the issues in a project.  Issue security then limits who can see individuals issues (no security level = everyone who has browse project.  Security level set = only the people in that security level)

2) Indirectly, they can.  There's no way for a global admin to see an issue with a security level set to exclude them.  For example, if "top secret" level says "only people in group X can see these issues", then an admin who is not in group X will not see the issue.  There's no way for them to find it, it is completely hidden from them.  But, as global admins, they could see, and then change or remove the security scheme, or put themselves into group X.

Like # people like this
Hartej Arora June 18, 2019

Hi @Nic Brough -Adaptavist- ,

 

Apologies for the delayed response. Thank you for your comment explaining the hierarchy. I was able to get the desired setup.

One follow up, is it possible to add the watcher of a ticket to the governing issue security level?

 

Thanks!

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 23, 2019

Yes, but if you want to do it automatically, you will need to code for it.

Hartej Arora June 24, 2019

Hi @Nic Brough -Adaptavist- ,

 

Thank you for your reply. Is there any documentation/ reference available to help start in the right direction with the coding?

 

Thanks!

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 24, 2019

Depends on how you want to implement this code.  Do you want to write an app for yourself or are you thinking to use something like ScriptRunner?

Hartej Arora June 24, 2019

Id prefer to do it with ScripRunner.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 24, 2019
Like # people like this

Suggest an answer

Log in or Sign up to answer