Issue Security Level

hello,

can i know how to display the "security level " in the issue's informations ?

Because when a user creates an issue in the same project

Sometimes we see the level of security Sometimes we don't

[pic]

https://docs.google.com/file/d/0Bx2sOasGvzxtUG42OW1pV2tDUVU/edit

Thanks for your help

6 answers

1 accepted

I guess, you see the security level field only if you got the permission "Set Issue Security". Please check your permission scheme, if this fits with your observation.

Hi for example the fieldconfiguration and display-screen have to contain the Field 'securitylevel'. Also the field must have a value.. try to use "where is my field?"-function?!
0 vote

You will only see the field if you've got a security scheme associated with the project, AND a security level is set on the issue.

If it's not showing, then there is nothing set for this issue.

@Nick, they have set the security scheme because she can able to see that on one issue and not able to se on another issue bothe issue related to the same project

i am wrong?

If it's not there, then the security level has not been set.

But i never set the security level while creating an issue , for other groups ( with another security level ) it's showed automaticly

but for this new group somtimes it's shown sometimes it's not

0 vote

I'm sorry, I forgot. I have a feeling that you can only see levels of which you are a member.

Let us say you have security levels A, B and C

You set level A on an issue

User Alice is in the groups that are named in A and B, and Bob is in groups that give him B and C.

Alice will see level A on the issue because that's what is set, and she's part of A

Bob will not see level A on the issue because he can only see the issue because he's part of B

(I'm really not sure - I haven't used security levels enough to know, but I suspect this might be what's happening)

Ach, no, ignore me - Bob won't see the issue at all, he's not in A.

I think you need to establish an exact pattern for this behaviour. Concentrate on one issue, with one security level and then find two users - one who can see it, and one who can't. Then look at the differences between them. What security levels can they see? And also - do the users have rights to set the security levels? (Bearing in mind you can only set a security level which you belong to - I think that's what made me think about the answer above)

Edit - argh, tied myself in knots again and missed out one thought. If the issue is set to level B, then Bob will see the issue, and level B written on it. If Bob then tries to change it, he will only be offered B and C because he's not in A. I think. (I think I need more coffee and a little holiday, before my brain explodes)

What's the difference between the issues you can see the level on and the ones you can't? Different security levels?

i know what you're talking about , i'm talking as an administrator

it's misterious

i created some issues myself once i can see the security level displayed once it's not :s

because the gadget on the dashbord can diplay issues filters by Security level this information is important for me to be showed

Ah, ok. Remember that if a user cannot see an issue (because of the project permissions or the security level), then it is NOT reported to them in any way.

A simple example: You have the security example I wrote up before. You've got a project with 15 issues, 1 with no security level, 2 with A, 4 with B and 8 with C. You have a filter for "all issues in project"

So you add a gadget on a shared dashboard for "filter statistics, grouped by security level", and pointed at your filter for all issues in the project.

When Alice visits, it will say none: 1, A:2 and B:4

When Bob visits, it will say none: 1, B:4, C:8

When you, the admin (who you have included in all security levels) visits, you'll get the full story because you can see all issues.

Hi Nic Brough [Adaptavist]

I have similar issue but the not the exact.

I have setup the security level for a bug if a field Customer = Yes, then User under QA group cannot see that bug. which is fine and as expected.

But the issue is that, I created a bug and i Have Customer - No, and I submit the bug. Now I realize that it should be as Customer = Yes. and I updated the bug in View/Edit screen. Now, I expect to have this bug to be in security level which means should not be visible to QA group users and the bug should display Security level message. But its not happening.

Please let me know have any questions?

Regards,

JIRA_USER

Your field has nothing to do with the security level.

Hi Nic Brough [Adaptavist]

I made Security Levele field Visible in the Edit Screen. That will work to some extend to put the security level in a bug. But, I want the to make as when I select Customer = Yes in Edit screen the Security Level (Default Field) should changed to be required field and also Should Default to Security Level Value. Could you please help me on this?

Thanks in Advance.

You will need to find/write code that can set the security level when your field is set.

I am new to JIRA and below is my 1st grovy script which I wrote to meet my requirement but its not working. I am editing the defect in Edit screen and I expect to be the security Level field to be required and default to the value (Group security).

def Cust = getFieldByName("Customer")

def security= getFieldByName("Security Level")

if (Cust.getFormValue() == 'Yes') {     

security.setFormValue("Group security")     

security.setRequired(true) }

else {     

//security.setHidden(true) // hide any fields you like     

 security.setRequired(false) }

Please advice.

 

That looks like a front-end script of some sort.  It's not going to work, you need to set it in the back end, as a post-function.

Yes, this script is in Behaviours. Could you please help to take this issue to the resolution?

Thanks,

JIRA_USER

It won't work with a Behaviour because only people who are part of a security level can set it.

You had roughly the right idea, but you need a scripted listener that will listen out for any issue update where a user might set the customer field, read the change and then set the new security level as appropriate.

Hi Nic Brough [Adaptavist],

Thanks for your continuous support and effort.

I’m still on a roadblock with the issue.

Here are approach and roadblock.

1st, I created a Issue Security Scheme and Security Level then assign group to the security Scheme/level so that user within the group can View / access the bug. And I wrote a post function condition, so that if the field Customer = Yes, this bug will only be visible to the user within the group added in security level. This is working fine, if I submit the bug with Customer = Yes in each transitions. No issues.

But, the issue is that if I submitted a bug with Customer = No in my create screen and later I decided to update Customer = Yes from No in any status/transition then the security level is not working as expected. Once the Customer is updated from No to Yes, this should only be visible to the user within the group added in security level.

So, I enable the Security Level field (Default field) in Edit screen. Now, I update Customer to Yes from No (manually). Then Security Level field should Default to the "Security level value" or should be changed to the required field. Again, this is not happening. I can change Security level field value and make the bug only visible/accessible to the user within the group added in security level. But, I do want to have Security Level field as required and default to the value, automatically. So that no user will skip the value in field and I can restrict certain user viewing/accessing the bug.

Please advice.

 

Regards,

JIRA_USER

you need a scripted listener that will listen out for any issue update where a user might set the customer field, read the change and then set the new security level as appropriate.

I added my Custom field Customer in Behaviours and added the script in script listener as below but it did not work.

def Cust = getFieldByName("Customer")

def security= getFieldByName("Security Level")

if (Cust.getFormValue() == 'Yes') {     

security.setFormValue("Group security")     

security.setRequired(true) }

else {     

 security.setRequired(false) }

Again, Behaviours will not help you.  It acts on the screen, and your users will only have the field there in certain cases, so it's not going to do anything.

That doesn't look like listener code.  There's no forms in listeners.

 

I know I am not doing right. I am very new to JIRA world. So not sure what to research and I do not know anything about the groovy script.

Could you please help me with my requirement or direct me some extend if Behaviour wont help at all?

Thanks

yes, I have listner inplaced i Post function as given in the Adaptavist Scipt Runner but its not firing when I update the Field (Customer with value Yes from No). Its only working when a bug is moving via transition.

Restricting access to an issue

When creating (or editing) an issue, you can restrict access to that issue to members of your team who are part of a chosen security level. To be able to set the security level for an issue, your administrator must add you to the appropriate issue security level, and also grant you the 'Set Issue Security' permission for the appropriate projects. 

  1. Create/edit the relevant issue.
  2. In the Security Level drop-down field, select the desired security level for the issue. You will only see the security levels you belong to.
  3. Save the issue. It is now only accessible to members of the specified security level. Users who are not members of this security level will not be able to access that issue, or see it in any filters, queries, or statistics. 

 

As per the note in confluence page, it is saying created/edit - Here im editing a field (Customer) from No to Yes so I can choose Security level field value, but If I edit Customer  field the security Level should be a required field.

Thanks 

That is a post-function, not a listener.  I'm not sure why you are wandering off to do other things, when I specifically said "listener".

Now, a post-function could do the job, but I've suggested a listener because you want to do things when editing as well, and there are no post-functions there.

And, on your last comment, yes, that's what I said.  You need a listener to pick up the edit of Customer and set the security field. 

I finally achive the solution that I was expecting. Thanks for your hints.

Hi,

I have similar issue but the not the exact.

I have setup the security level for a bug if a field Customer = Yes, then User under QA group cannot see that bug. which is fine and as expected.

But the issue is that, I created a bug and i Have Customer - No, and I submit the bug. Now I realize that it should be as Customer = Yes. and I updated the bug in View/Edit screen. Now, I expect to have this bug to be in security level which means should not be visible to QA group users and the bug should display Security level message. But its not happening.

Could anyone advice me please?

Please let me know have any questions?

Regards,

JIRA_USER

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Monday in Jira Software

How large do you think Jira Software can grow?

Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...

711 views 6 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you