Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to hide attachments for some people?

Samuel Langlois
Samuel Langlois February 19, 2013

We have conflicting requirements that:

  • closed issues should be publicly available, so that everyone can see what is fixed
  • sensitive data from customers should not be available.

The compromise that we found is that, when an issue is closed, its summary and description should be made public (after some manual check), but not comments and attachments.
Now, we need to implement this :-)

Comments can be worked out, since there is a visibility field on them, but the visibility of attachments is the same as the issue they're on. (There are several long-outstanding improvement requests related to this: JRA-6185, JRA-3893, ...)

Here are a few workarounds we could think of:

  1. cloning each closed issue into a public project, removing comments and attachments
  2. forbidding the attachments, and using a protected FTP server to store them
  3. removing the attachments of an issue when it's closed
  4. adding a proxy in front of our public JIRA, so that the nasty bits are removed from the page
  5. ... ?

All of this seems rather clumsy... Would you have a better solution? Or what would you consider the less ugly one?

Thanks

Answer
Watch
Like Grzegorz Dlugoszewski likes this
2127 views

5 answers

8 votes
Vadim Rutkevich
Vadim Rutkevich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 19, 2014

Samuel, you could try our add-on - Smart Attachments (https://marketplace.atlassian.com/plugins/com.stiltsoft.jira.smart-attachments). It allows you to delegate access to particular attachment categories for the appropriate user groups. So you can easily restrict access to attachment categories that will be hidden. You can find details at https://docs.stiltsoft.com/display/CATAT/Managing+Categories. Thanks.

Best Regards,

Vadim Rutkevich

Reply
0 votes
MattS
MattS
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 9, 2015

JIRA doesn't do field level security that well so I would look at using a custom post function to copy the data you want to share somewhere else such as a field that is shared in a Confluence page

Reply
0 votes
Paul Clark _Redmoon Software_
Paul Clark _Redmoon Software_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
July 19, 2014

Hi, not sure if this will be appropriate for you but I have a plugin called Attachment Permissions (https://marketplace.atlassian.com/1212271) that allows you to restrict visibility of attachments to a user group and/or reporter, assignee and creator. This isn't just for open and closed JIRAs but if access is restricted to creator, assignee and reporter than only these users would have access when the JIRA is closed.

Thanks, Paul

Reply
0 votes
Samuel Langlois
Samuel Langlois February 25, 2013

Proposition by Stefan Kohler through twitter https://twitter.com/stefankohler/status/304668391472521216

What about changing the server velocity templates to include something like a check for public?

Reply
0 votes
Pepe
Pepe
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 20, 2013

We once did a Confluence macro (as an opensocial gadget) for a client to do something similar. It was basically the JIRA Issues macro with no hyperlinks and you could expand each issue to view certain fields. The JIRA XML view as all of the details about the ticket so an opensocial gadget allows you to easily decide which elements to display and which to hide. This allows you to publically show whatever details you want and still have the full ticket available internally.

----

I don't love this idea but you should be able to use a field configuration scheme to hide the attachments field. What I don't love is that they are based on issue type and not status/resolution so you'd still have to change the issue type or project that your closed tickets are in so that your 'hidden attachment' scheme would be used and your internal devs wouldn't have access to the attachments either.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events