Issue Security Scheme doesn't show all security levels created.

Oh, I got it!

In this case we don't need level Low. None is working perfectly. We only need one level: High (default) which sees everything. If the level changed to None, the certain group of users will be also able to see the issue.

Thank you Nic!

@Nic Brough , Can you pleas explain a little , about what you mean by you have to be a member of the level to be able to see the level in the dropdown.

It's hard to explain differently to what I said before, but here is a worked example.

You have three people, Alice, Bob and Charlie.

You have a security scheme that says:

• None (no security level set)
• Secret
• Very Secret

The rules for the security levels are that

• Alice is named for Very Secret and Secret,
• Bob is named for Secret.
• Everyone can set the issue security

What they will see is:

• A security level field
• Charlie will not see any options in that field,  beyond "none", they are not a member of any levels.
• Bob will be offered none and Secret
• Alice will be offered none, Secret and Very Secret

This sounds weird for me. I am admin of project, I can edit issues, I have permission to set security level. However I cannot set issue security because I am not the one who is mentioned in security scheme.

Lets imagine boss tells me I have to set default security level for all issues starting from the beginning of the project. I select them using JQL, Bulk edit, Edit issues, Set issue security - there are no options where. Why? I do not need access to these issues, I only need to set issue security level and say goodbye to them.

No, it makes perfect sense - it is stopping people from setting a security level that would then hide their issue from them.

If you don't want to see issues, but don't need to secure them, then stop searching for them, or change the permissions such that you can't see the project they're in.

I don't need to see the issues, they may contain sensitive information. I only need to change certain security level on them. And I cannot do that unless I am mentioned in security level.

So the algorithm would be:

1. Add myself to the security level.
2. Bulk select issues
3. Set their security level
4. Remove myself from the security level.

Between 1 - 4 I have access to sensitive information and if later someone discovers a leak they will think of me. Or anyone else in my group if I use group on step 1. This is my concern.

I do not understand what you are trying to do here.

Issue security is about hiding issues from people who should not see them.  If you currently have access to an issue, then you've seen it, so there's not a lot of point in hiding it now.

It is not about hiding issues because you don't feel like looking at them.  If you don't want to see issues, then don't search for them, or open them.  Just ignore them.

Your concern is actually about training - you need your people to secure issues that you should not be seeing.  It's absolutely not your job to set the security level, it is up to the people who should be able to see the issues.