Prevent administrators from seeing selected issues

We need to have several administrators bcause people are maintaining their own projects and need to add custom fields etc.

We have a requirement that some issues inone or two projects are only viewable by a few people.

Issue Security would seem to be the solution but anyone in the adminisstrators group can go and change the Issue Security even if they are not even mentioned in the different security levels.

Is there any way of configuring Jira to achieve our requirement?

4 answers

1 accepted

The plugin doesn't work OnDemand.

Separate Jita instance not viable OnDemand and also links are required between Confidential and non-Confidential tickets.

It is accepted that Jira Admins should be trusted; we just have quite a few of them as we allow them to create Custom Fields etc. for individual projetcs.

It is also accepted that if people stumble accross something Coonfidential they might read it but are far less likely to take action to be able to see somethig e.g. change a Permission Scheme change Issue Security.

As Issue Security is more granular, less known and less easy to change unintentially, this method has been selected. At admin would actively have to go into a project's config and change the security levels which is quite n active thing. Chaniging a permission scheme is easier and, because they are often shared between projects, are more likely to be changed and inadvertantly expose material.

So choice is Issue Security and trust your admins.

Administrators could still disable/remove the plugin.

I don't think there's any answer other than "You have to trust your administrators". I suspect that applies to all software, there's always a way for "root" to do something.

Agree with Nic here. They can still uninstall the plugin. But most people do things accidently and won't try it if they are blocked from doing it ;)

For example, if a page is protected, most people won't get around it by uninstalling the plugin that protects it.

I have to agree with both Jobin and Nic.

Seperate Jira instances might be an answer, but that's costly to maintain.

Best regards,

Peter

It would seem that jprotect only works for webwork actions for now and is also not available on Atlassian OnDemand or have I got something wrong?

Yes, it's only for webwork actions, although a lot of Jira is controlled that way.

It is definitely *not* available in OnDemand.

Setup a separate JIRA instance in a separate database and establish one of the "legit" users as admin.

IMO you have a big problem if you don't trust your sysadmin/dbas ... they always can find paths to access that info if they want (i.e export jira database and import into a stagging env, access directly to the db, ...)

We can use permission schemes

1) create a group for the project and add menmbers who should see this project

2) Restrict the "Browse Permission" under Permission Scheme for the project to the above created group.

Hope this helps.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Posted 9 hours ago in Jira

We want to know what Jira Service Desk apps you're using!

Hi Community! My name is Amir and I’m on the Jira Service Desk product marketing team at Atlassian. Our team would love to understand how you’re leveraging our ecosystem for Jira Service Desk. Wha...

33 views 0 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you