Issue Security Level

Ach, no, ignore me - Bob won't see the issue at all, he's not in A.

I think you need to establish an exact pattern for this behaviour. Concentrate on one issue, with one security level and then find two users - one who can see it, and one who can't. Then look at the differences between them. What security levels can they see? And also - do the users have rights to set the security levels? (Bearing in mind you can only set a security level which you belong to - I think that's what made me think about the answer above)

Edit - argh, tied myself in knots again and missed out one thought. If the issue is set to level B, then Bob will see the issue, and level B written on it. If Bob then tries to change it, he will only be offered B and C because he's not in A. I think. (I think I need more coffee and a little holiday, before my brain explodes)

What's the difference between the issues you can see the level on and the ones you can't? Different security levels?

i know what you're talking about , i'm talking as an administrator

it's misterious

i created some issues myself once i can see the security level displayed once it's not :s

because the gadget on the dashbord can diplay issues filters by Security level this information is important for me to be showed

Ah, ok. Remember that if a user cannot see an issue (because of the project permissions or the security level), then it is NOT reported to them in any way.

A simple example: You have the security example I wrote up before. You've got a project with 15 issues, 1 with no security level, 2 with A, 4 with B and 8 with C. You have a filter for "all issues in project"

So you add a gadget on a shared dashboard for "filter statistics, grouped by security level", and pointed at your filter for all issues in the project.

When Alice visits, it will say none: 1, A:2 and B:4

When Bob visits, it will say none: 1, B:4, C:8

When you, the admin (who you have included in all security levels) visits, you'll get the full story because you can see all issues.

Hi Nic Brough [Adaptavist]

I have similar issue but the not the exact.

I have setup the security level for a bug if a field Customer = Yes, then User under QA group cannot see that bug. which is fine and as expected.

But the issue is that, I created a bug and i Have Customer - No, and I submit the bug. Now I realize that it should be as Customer = Yes. and I updated the bug in View/Edit screen. Now, I expect to have this bug to be in security level which means should not be visible to QA group users and the bug should display Security level message. But its not happening.

Please let me know have any questions?

Regards,

JIRA_USER

Your field has nothing to do with the security level.

Hi Nic Brough [Adaptavist]

I made Security Levele field Visible in the Edit Screen. That will work to some extend to put the security level in a bug. But, I want the to make as when I select Customer = Yes in Edit screen the Security Level (Default Field) should changed to be required field and also Should Default to Security Level Value. Could you please help me on this?

Thanks in Advance.

You will need to find/write code that can set the security level when your field is set.

I am new to JIRA and below is my 1st grovy script which I wrote to meet my requirement but its not working. I am editing the defect in Edit screen and I expect to be the security Level field to be required and default to the value (Group security).

def Cust = getFieldByName("Customer")

def security= getFieldByName("Security Level")

if (Cust.getFormValue() == 'Yes') {     

security.setFormValue("Group security")     

security.setRequired(true) }

else {     

//security.setHidden(true) // hide any fields you like     

 security.setRequired(false) }

Please advice.

That looks like a front-end script of some sort.  It's not going to work, you need to set it in the back end, as a post-function.

Yes, this script is in Behaviours. Could you please help to take this issue to the resolution?

Thanks,

JIRA_USER

It won't work with a Behaviour because only people who are part of a security level can set it.

You had roughly the right idea, but you need a scripted listener that will listen out for any issue update where a user might set the customer field, read the change and then set the new security level as appropriate.

Hi Nic Brough [Adaptavist],

Thanks for your continuous support and effort.

I’m still on a roadblock with the issue.

Here are approach and roadblock.

1st, I created a Issue Security Scheme and Security Level then assign group to the security Scheme/level so that user within the group can View / access the bug. And I wrote a post function condition, so that if the field Customer = Yes, this bug will only be visible to the user within the group added in security level. This is working fine, if I submit the bug with Customer = Yes in each transitions. No issues.

But, the issue is that if I submitted a bug with Customer = No in my create screen and later I decided to update Customer = Yes from No in any status/transition then the security level is not working as expected. Once the Customer is updated from No to Yes, this should only be visible to the user within the group added in security level.

So, I enable the Security Level field (Default field) in Edit screen. Now, I update Customer to Yes from No (manually). Then Security Level field should Default to the "Security level value" or should be changed to the required field. Again, this is not happening. I can change Security level field value and make the bug only visible/accessible to the user within the group added in security level. But, I do want to have Security Level field as required and default to the value, automatically. So that no user will skip the value in field and I can restrict certain user viewing/accessing the bug.

Please advice.

Regards,

JIRA_USER

you need a scripted listener that will listen out for any issue update where a user might set the customer field, read the change and then set the new security level as appropriate.

I added my Custom field Customer in Behaviours and added the script in script listener as below but it did not work.

def Cust = getFieldByName("Customer")

def security= getFieldByName("Security Level")

if (Cust.getFormValue() == 'Yes') {     

security.setFormValue("Group security")     

security.setRequired(true) }

else {     

 security.setRequired(false) }

Again, Behaviours will not help you.  It acts on the screen, and your users will only have the field there in certain cases, so it's not going to do anything.

That doesn't look like listener code.  There's no forms in listeners.

I know I am not doing right. I am very new to JIRA world. So not sure what to research and I do not know anything about the groovy script.

Could you please help me with my requirement or direct me some extend if Behaviour wont help at all?

Thanks

Start at https://scriptrunner.adaptavist.com/4.3.5/jira/listeners.html for getting a listener up.

yes, I have listner inplaced i Post function as given in the Adaptavist Scipt Runner but its not firing when I update the Field (Customer with value Yes from No). Its only working when a bug is moving via transition.

Restricting access to an issue

When creating (or editing) an issue, you can restrict access to that issue to members of your team who are part of a chosen security level. To be able to set the security level for an issue, your administrator must add you to the appropriate issue security level, and also grant you the 'Set Issue Security' permission for the appropriate projects. 

1. Create/edit the relevant issue.
2. In the Security Level drop-down field, select the desired security level for the issue. You will only see the security levels you belong to.
3. Save the issue. It is now only accessible to members of the specified security level. Users who are not members of this security level will not be able to access that issue, or see it in any filters, queries, or statistics. 

As per the note in confluence page, it is saying created/edit - Here im editing a field (Customer) from No to Yes so I can choose Security level field value, but If I edit Customer  field the security Level should be a required field.

Thanks 

That is a post-function, not a listener.  I'm not sure why you are wandering off to do other things, when I specifically said "listener".

Now, a post-function could do the job, but I've suggested a listener because you want to do things when editing as well, and there are no post-functions there.

And, on your last comment, yes, that's what I said.  You need a listener to pick up the edit of Customer and set the security field. 

I finally achive the solution that I was expecting. Thanks for your hints.

But i never set the security level while creating an issue , for other groups ( with another security level ) it's showed automaticly

but for this new group somtimes it's shown sometimes it's not

@Nick, they have set the security scheme because she can able to see that on one issue and not able to se on another issue bothe issue related to the same project

i am wrong?

If it's not there, then the security level has not been set.

How can we then add security level to the exisiting issues?

Edit the issue, selecting a level on the edit screen.

In Edit Issue, the security level field is not present

You need to add the level field to the screen, make sure you have an issue security scheme associated in the project settings, and that the person trying to edit it has "set security" permission and is in one or more of the levels.

I got it, I have already added the security level scheme to the project as well as I am in the security level as well. The level field don't show in the screen either

So the account does not have "set issue security" permission, or is not in any security levels.

I'm in the same boat. We can only view the Security field upon creation of an issue. Once saved the field disappears, although I can bulk change the field. The security scheme works, but we can't access the field all but when we first create the issue. I also cannot find or add it with "Configure Fields". It's just not there. It's there to bulk change, it's there when first creating an issue, and then it isn't there any other time. 

• Permissions Scheme includes Set Issue Security for all needed project roles
• Security Scheme has been created and is associated with the project
• Security field is on all needed page layouts

We'd like to be able to view the issue permission on the issue, and we'd like to be able to change the issue permission at any time from the issue edit screen. What am I missing or is this a bug?

Could you create a test issue, selecting a security level for it.  Go do something else (there's a minor bug I've seen where a field disappears if you go straight into the issue view) then go back to the plain issue view, ideally using the url direct  (https://yourjira/browse/ABC-123)

Click "edit" to get into the edit screen for it, and then use "where is my field" from the "configure fields" option to look for "level"?  That will tell you why you can't see it on the edit screen.

Thanks for the response and further problem-solving - here's what I found out: If I flip the view to the "old issue view" - I can see the security field, edit, etc. It's just not anywhere to be found in the new issue view. Think this may be a bug/roadmap issue or is it something I'm missing for the new view? At least I found a workaround!

Ah, I completely forgot - security does not apply in the new issue view, nothing has been implemented for it.  The level should not even appear when creating an issue.

Surprise! It appears when creating an issue in the new view. At least I know I'm not crazy. Thanks again for your help. 

I am really sorry that I forgot to ask about the new view.

It is missing so much stuff I have been working with for the last 15 years, and take for granted now.

You are definitely not crazy, I am a bit surprised that Jira has managed to suggest that you can use issue security in the new view when you can't (yet), and I apologise for not thinking of that!