Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to restrict user access to a specific epic in a project

Hashtag
Hashtag
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 1, 2021

Hello all,

 

I am finding difficulty understanding the security levels in JIRA.

I have a project where I want to create an epic for each user group. Right now it looks like I can only give access on a project level but not on an EPIC level.

Can anyone please let me know

  • how to create user groups - for example, a set of users belongs to one group
  • how to give access to users only to a specific EPIC?

 

Thanks

Answer
Watch
Like Be the first to like this
1876 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 1, 2021

You create groups in your user management system - this might be Jira's internal directory, your corporate directory, Okta, Atlassian access - I can't tell you what you're using, you need to talk to the admins and look at the user directories

On the "give access to epic"

Issue security is the way to do this, but I have to say it's really a bad thing to try to do - Epics are supposed to be accessible to everyone across teams so you can group stories together from everywhere and report on them.

Security levels look complex, but they're not really that bad.  The first thing to note is that they are done entirely within the permissions for the project.  If the permission scheme does not let someone see the project (they do not have "browse project"), then the security level is irrelevant to them - they can't see the issue no matter what you do with a security level.

What a security level does is restrict visibility to a set of people when the level is applied to an issue.  It's easier to do an example than try to explain from scratch.

Imagine you have a project (which everyone can see - permission scheme says "browse: any logged in user"), with three issues:

  • ABC-34, security level = <none>
  • ABC-56, security level = Secret
  • ABC-78, security level = Hush hush

Now imagine you've got a really simple security scheme with rules based on users:

  1. Level "Secret" = Alice
  2. Level "Hush hush" = Alice and Bob

Your users, Alice, Bob and Charlie can now all see different sets of issues:

  • Charlie can see ABC-34, because there's no security level
  • Bob can see ABC-34 and ABC-78, because he's named for Hush hush
  • Alice can see all three

So, for your case, you could set up security scheme(s) for the projects the Epics are in, with levels named directly by group (e.g. level red = "group red, admins and managers", level green = "group green, admins and managers", and so on).  Then for Epics that should only be see by group Red, set the security level to red.

This will break in "interesting" ways, when an issue is part of an Epic a user can't see, but I expect that's part of what you're trying to do with this.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events