We work with 2 different suppliers and have projects dedicted to issues for each. Currently, any user from either group can can see all of the users in the system, including users from the other suppliers group, e.g. when assigning a user or using the assignee filter in issue search. Can we prevent these two groups from seeing the other's users? Can we do it so that internal users can still see all users in the system? We have a dedicated project for each supplier and use groups (e.g. internal, supplier 1, supplier 2) and permissions to limit access to the project and issues. So, Project 1 will have permissions that limit browsing projects, creating issues, setting assigness, etc. to the inernal and supplier 1 groups only. The internal group is assigned to th permissions for both Project 1 and Project 2 as well as many other projects.
Correction. I confirmed that a user from Supplier 1 can't look up users from Supplier 2 in the assign users lookup in the create or edit issue finder. But as a user from supplier 1, when using the assignee filter in issue search, I can type in the root email for supplier 2 and find all of supplier 2's emails. Also, if I know any of supplier 2's users by name, I can find them.
I'm going to restate this problem slightly. It includes the suggestion by Lars above.
We work with 2 different suppliers and have projects dedicated to issues for each - and confidentiality agreements with each. We use groups to manage users and permissions to projects. We have groups for our internal team, different vendors and the 2 suppliers mentioned above. This works well with restricting access to projects by groups. So, users from supplier 1 can't view issues in project 2 used by users from supplier 2. But, if the global browse user permission is set to all users, i.e. no restrictions, then users from supplier 1 can find the users from supplier 2 using things like the lookup drop down for assignee's in the issue search tool. E.g., by typing in the company name of supplier 1, the lookup tool will return all of the users who have that company name in their email address. That is not good for several reasons not the least of which is maintaining confidentiality.
If I change the global browse user permissions to specific groups and do not include the groups for supplier 1 and supplier 2 (suggested by Lars above), this will prevent these users from finding each other with the assignee lookup tool in issue search, but now the add watcher functionality is broken. Users from supplier 1 can't find users from their own group in the project for supplier 1 (which includes users form our internal group and other vendor groups) to watch the issue using the add watchers tool.
I've sent this issue to JIRA support but if anyone else has helpful suggestions, I would appreciate your insite.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs