Possible to show link issues with security level

Anton Brunberg August 15, 2017

With some changes on how we handle logs from our customers, we have made so that some issues are restricted to only the specific customer and a group of employees, we call this issuetype Customer Internal.

Our problem now is that some developers outside of the group are asking for log files because they can't see the linked issue.

So, question is simple, is there a setting or plugin that let's you see that there are a linked issue that you don't have access to? It's actually a bit annoying to have them hidden.

1 answer

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 15, 2017

There's no setting for it - a link that leaks information that the user would not normally able to see is absolutely the wrong thing to do in security terms.

I'm not aware of add-ons that would directly allow you to unsecure your links, but if you've got one of the scripting plugins, or a developer to hand, you could write a derived field that goes off and reads the infromation (pretending to be a privileged user) and exposes it on the issue. 

Anton Brunberg August 15, 2017

We don't want them to be able to see the information in the issue, only that the issue exists to begin with.

We do use scriptrunner, I can explore that for showing some information then.

Thanks!

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 15, 2017

The Scripted field option does mean that you have complete control over what you expose. 

In some cases, it is a security problem for a user to even know there's a link to issue X, but that's not common - the usual problem is that links expose summary and other information.

But with SR, you've complete control over what is ok for you to expose.

Caio Camargo February 16, 2021

Anton, how did you solve this, please?

Anton Brunberg February 16, 2021

Hi Caio!

We actually went with an Automation Rule that read the logs and put them into a specific field in the open issue.
So we didn't solve the actual issue, unfortunately.

Suggest an answer

Log in or Sign up to answer