How to hide attachments for some people?

We have conflicting requirements that:

  • closed issues should be publicly available, so that everyone can see what is fixed
  • sensitive data from customers should not be available.

The compromise that we found is that, when an issue is closed, its summary and description should be made public (after some manual check), but not comments and attachments.
Now, we need to implement this :-)

Comments can be worked out, since there is a visibility field on them, but the visibility of attachments is the same as the issue they're on. (There are several long-outstanding improvement requests related to this: JRA-6185, JRA-3893, ...)

Here are a few workarounds we could think of:

  1. cloning each closed issue into a public project, removing comments and attachments
  2. forbidding the attachments, and using a protected FTP server to store them
  3. removing the attachments of an issue when it's closed
  4. adding a proxy in front of our public JIRA, so that the nasty bits are removed from the page
  5. ... ?

All of this seems rather clumsy... Would you have a better solution? Or what would you consider the less ugly one?


5 answers

Samuel, you could try our add-on - Smart Attachments ( It allows you to delegate access to particular attachment categories for the appropriate user groups. So you can easily restrict access to attachment categories that will be hidden. You can find details at Thanks.

Best Regards,

Vadim Rutkevich

We once did a Confluence macro (as an opensocial gadget) for a client to do something similar. It was basically the JIRA Issues macro with no hyperlinks and you could expand each issue to view certain fields. The JIRA XML view as all of the details about the ticket so an opensocial gadget allows you to easily decide which elements to display and which to hide. This allows you to publically show whatever details you want and still have the full ticket available internally.


I don't love this idea but you should be able to use a field configuration scheme to hide the attachments field. What I don't love is that they are based on issue type and not status/resolution so you'd still have to change the issue type or project that your closed tickets are in so that your 'hidden attachment' scheme would be used and your internal devs wouldn't have access to the attachments either.

Proposition by Stefan Kohler through twitter

What about changing the server velocity templates to include something like a check for public?

Hi, not sure if this will be appropriate for you but I have a plugin called Attachment Permissions ( that allows you to restrict visibility of attachments to a user group and/or reporter, assignee and creator. This isn't just for open and closed JIRAs but if access is restricted to creator, assignee and reporter than only these users would have access when the JIRA is closed.

Thanks, Paul

JIRA doesn't do field level security that well so I would look at using a custom post function to copy the data you want to share somewhere else such as a field that is shared in a Confluence page

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

879 views 3 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you