Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to restrict user access to a specific epic in a project

Hashtag I'm New Here Jun 01, 2021

Hello all,


I am finding difficulty understanding the security levels in JIRA.

I have a project where I want to create an epic for each user group. Right now it looks like I can only give access on a project level but not on an EPIC level.

Can anyone please let me know

  • how to create user groups - for example, a set of users belongs to one group
  • how to give access to users only to a specific EPIC?



1 answer

0 votes

You create groups in your user management system - this might be Jira's internal directory, your corporate directory, Okta, Atlassian access - I can't tell you what you're using, you need to talk to the admins and look at the user directories

On the "give access to epic"

Issue security is the way to do this, but I have to say it's really a bad thing to try to do - Epics are supposed to be accessible to everyone across teams so you can group stories together from everywhere and report on them.

Security levels look complex, but they're not really that bad.  The first thing to note is that they are done entirely within the permissions for the project.  If the permission scheme does not let someone see the project (they do not have "browse project"), then the security level is irrelevant to them - they can't see the issue no matter what you do with a security level.

What a security level does is restrict visibility to a set of people when the level is applied to an issue.  It's easier to do an example than try to explain from scratch.

Imagine you have a project (which everyone can see - permission scheme says "browse: any logged in user"), with three issues:

  • ABC-34, security level = <none>
  • ABC-56, security level = Secret
  • ABC-78, security level = Hush hush

Now imagine you've got a really simple security scheme with rules based on users:

  1. Level "Secret" = Alice
  2. Level "Hush hush" = Alice and Bob

Your users, Alice, Bob and Charlie can now all see different sets of issues:

  • Charlie can see ABC-34, because there's no security level
  • Bob can see ABC-34 and ABC-78, because he's named for Hush hush
  • Alice can see all three

So, for your case, you could set up security scheme(s) for the projects the Epics are in, with levels named directly by group (e.g. level red = "group red, admins and managers", level green = "group green, admins and managers", and so on).  Then for Epics that should only be see by group Red, set the security level to red.

This will break in "interesting" ways, when an issue is part of an Epic a user can't see, but I expect that's part of what you're trying to do with this.

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you