Limit/Restrict User Mention to Project Team

aazmi-demac October 19, 2017

I'd like to restrict who certain group members can mention on an issue when commenting - only mention users who are part of the project.

Use case: 

  • We have a client group for each project
    • The group only consists of client users
  • On each project we add all the internal team members and clients with their respective roles - all clients have role 'client'
  • Right now when the client tries to mention someone, they are provided a list of all our users on our system, which is not ideal as we don't want a client to be able to see other client names nor do we want them to mention the wrong team member

We are looking for a solution that only allows CLIENT roles or users part of a certain group to only be able to mention users who are part of the project. 

4 answers

4 votes
Joe Darrah August 3, 2020

This is also a big problem for my company as well, it makes the Client experience in Jira very frustrating as they cannot use the @mention feature to tag anyone in it. This along with creating Shared Filters / Dashboards has the same limitation. It has caused many of our clients to not use our Jira and/or spin up their own to manage our shared projects. Very inefficient.

 

If there is not already a change request submitted there should be and it should be implemented quickly. Being able to limit these features on a per-project basis is important.

Danny
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 13, 2023

https://jira.atlassian.com/browse/ID-8129 is the request you want to vote on. 

0 votes
Steve Davis January 29, 2019

We'd also like a resolution for this. We would like to be able to limit @mentions to users who have access to the project in question.

Timani Tunduwani February 28, 2019

We are going to test this with an Atlassian Access trial to see if it meets the need. 

 

Adding another product to solve this problem will be a costly solution as we'd also add the per-user cost of the new product to our monthly bill. 

 

If it works or not, I can post the findings back here

Like # people like this
FrankS July 23, 2019

Did you find a solution to this problem using Atlassian Access?

If so, what would be a solution for Jira Server (as Atlassian Access only works for Jira Cloud if I am not mistaken)?

We are facing the same problem as most users in this thread. Would be great to hear from @Atlassian about their take on this. 

We are struggling with GDPR compliance using Jira and confluence together with clients. It is simply a red flag for compliance checks if user names and emails are exposed across the entire user base. 

Like juergen_spaeth likes this
Timani Tunduwani July 25, 2019

Hey @FrankS 

Did you find a solution to this problem using Atlassian Access?

Unfortunately not. We have a still have this limitation but we proceeded with Atlassian Access for other business reasons. The current list of Atlassian Access features didn't cover this use case

  • Connect your identity provider to your Atlassian organization
    • SAML single sign-on
    • User provisioning
  • Set security policies from your Atlassian organization
    • Enforced two-step verification
    • Password policies
  • Check the audit log for activities that occur across your sites
  • Revoke a user’s API tokens
  • Get quick responses from support

We still have this requirement and yes there are a number of compliance reasons why we'd like to have this feature.

FrankS July 26, 2019

Thanks for your answer, Timani.

That's rather unfortunate that we are all still stuck with this problem.

Anyone knows how to best bring this to Atlassian's attention? (other than posting here)

Like juergen_spaeth likes this
Danny
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 13, 2023

https://jira.atlassian.com/browse/ID-8129 I would recommend voting on the request. 

0 votes
Timani Tunduwani December 5, 2018

Is there a way to get around this? 

 

Right now we've been able to use Field Configuration to limit the users that can be selected in a custom user-picker field. However, the body allows you to mention everyone once you give the global permission. 

The only solution is to stand up a separate instance to limit the scope of user access seems like a lot of overhead. Unless there is an addon that does this?

 

Any chance the @ mention can be a configurable permission or modifiable via a Field or permission scheme?

0 votes
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 19, 2017

You can’t do that. The closest you can do is remove Browse User global permission from everyone who is not a staff member.

aazmi-demac October 19, 2017

But then will the clients be able to make comments and mention team members? That was the only reason that permission was added really.

 

This is a big issue for us and I'm sure other Atlassian users. Is there any plan for this to be added in the future or is there an app we can get that'll help us achieve this?

Like # people like this
aazmi-demac October 23, 2017

Any advise here? 

Like juergen_spaeth likes this
Danny
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 13, 2023

Hi @aazmi-demac

I wish I had an solution for you, I too, would like a solution to this restriction. My only recommendation would be to at least vote on the request, if you have not already done so: https://jira.atlassian.com/browse/ID-8129

At least it demonstrates this is an issue for mutliple users/admins/instances that need this fence to be in place between users. 

I will be waiting the request myself and I hope it gains traction. 

Hope this helps (even though it is not something that solves the issue, it helps to know there is an official channel that Atlassian is listening to),

Danny

Suggest an answer

Log in or Sign up to answer