I've created a custom field called Company, which is populated with our client company name's. Basically I am looking to give some form of read only access to my clients, but they should only be able to see issues that relate to their company only. So i am wondering if I can restrict access to issues in a project based on the value in the company custom field?
Sort of, but not really.
There are a few ways to approach restricting individual issues (e.g. using "only the person who raised this issue can see it") but what you really need here is "issue security"
This enables a "security level" that you can set on an issue. If it's blank, then just the project "who can browse" determines visibility, but if you set it to another level, you get to define rules. The more simple rules might be "Top Secret can only be seen by group X", or "Confidential can only be seen by people in the role of Y, and people in group X"
At that level, you'd have some pain, because you'd have to set up a security level for each value in the company custom field.
But... Security levels include rules like "is in custom field", which could solve this for you - you'd only need two security levels - "public (empty value)" and "private (determined by your field)".
That only works for select lists though, and if your company field is text, you'll need a different approach - set up the security levels, then write logic to read the company field and set the security level in a listener.
I have exactly the same issue here and even following your guide, I cannot resolve it. Probably I'm doing something wrong, so please help.
Just like in the question above, I have a field called "Customer" with values: CUSTOMER1, CUSTOMER2 and CUSTOMER3 (all capitals)
What the hell I'm doing wrong? =(
I will highly appreciate your help!
Thank you in advance!
[I know this is a old thread and many would have found their solutions already. I am answering so that the new person at least gets a hint of how this can be resolved.]
I had a similar situation.
the way I resolved is by using Issue level security. (I am not sure if that existed when Nic replied back in 2014).
Create different Issue level security levels for each company and user groups for each company.
Add the users from a particular company in the associated user group. Assign correct user groups to their respective security level.
When an issue is created, ensure that the issue level is updated for right company. You are good to go!
hope this helps!
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG