Is there a way to restrict access to a JIRA group when an issue is in a certain status?

Dave Cresswell April 6, 2016

This question is in reference to Atlassian Documentation: Restricting Edit based on Issue Status

Is there a way to restrict access to a JIRA group when an issue is in a certain status?

2 answers

0 votes
Nicolas Bourdages
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 6, 2016

You would need three things:

  • A security scheme with 2 settings: Private and External (or whatever names make sense to you)
  • Post-functions that set the security values on transitions
  • Workflow conditions to hide transitions to your secret status
  1. Set your security scheme so that Private issues can only be viewed by users in groups that contain only in-house users, and External can be viewed by both in-house users and a group of your external contractors. Make sure that External is your default setting.
  2. Make sure your permission scheme allows only your in-house users to change the security setting
  3. In all transitions leading to your "secret" status, add a post-function that sets the Security value to Private
  4. In all transitions leading to your "secret" status, add a condition so that only your in-house users can see the transition. If you don't do this, you external contractors will see a non-functional transition button (since they can't set the security setting, they can't execute a transition that sets it either, naturally).
  5. In all transitions leading out of your "secret" status, add a post-function that sets the Security level back to External.

Just be careful with the notifications. Imagine an issue is transitioned to the secret status, triggering an email to an external contractor who happens to be watcher, reporter, assignee or whatever. That person clicks on the link in the email and gets sent to an "access denied" screen. If that's a scenario that bothers you, you can avoid firing the usual generic event in that transition, and fire a custom event instead that notifies different people.

Dave Cresswell April 7, 2016

Hi Nicholas – thanks for your suggestion.  Couple clarification questions:

1.)    By security scheme, do you mean a custom field for Private/External, a Permission scheme, or Issue Security Scheme or combination of more than one?

2.)    “add a post-function that sets the Security value to Private”.  Seems like the only post functions available are to set values for global JIRA fields, not custom fields.  What am I missing.

 

Thank you for advice.

Dave

Nicolas Bourdages
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 7, 2016
  1. Issue Security Scheme
  2. You'll need the Misc Workflow Extension plugin it appears. It comes pre-installed with the Cloud version, but it's actually a separate plugin for Server installations. It's not free (not super expensive either), but it's a must have to do any sort of advanced workflow.

 

Dave Cresswell April 7, 2016

OK, thanks for your help.

 

0 votes
Dave Cresswell April 6, 2016

we have external contractors that perform work at a certain status in the workflow but otherwise can not access JIRA issues. there is a edit restrict property for a certain status.  We want to restrict all access at a status for a JIRA group.

Suggest an answer

Log in or Sign up to answer