Prevent administrators from seeing selected issues

We need to have several administrators bcause people are maintaining their own projects and need to add custom fields etc.

We have a requirement that some issues inone or two projects are only viewable by a few people.

Issue Security would seem to be the solution but anyone in the adminisstrators group can go and change the Issue Security even if they are not even mentioned in the different security levels.

Is there any way of configuring Jira to achieve our requirement?

4 answers

1 accepted

0 votes
Accepted answer

The plugin doesn't work OnDemand.

Separate Jita instance not viable OnDemand and also links are required between Confidential and non-Confidential tickets.

It is accepted that Jira Admins should be trusted; we just have quite a few of them as we allow them to create Custom Fields etc. for individual projetcs.

It is also accepted that if people stumble accross something Coonfidential they might read it but are far less likely to take action to be able to see somethig e.g. change a Permission Scheme change Issue Security.

As Issue Security is more granular, less known and less easy to change unintentially, this method has been selected. At admin would actively have to go into a project's config and change the security levels which is quite n active thing. Chaniging a permission scheme is easier and, because they are often shared between projects, are more likely to be changed and inadvertantly expose material.

So choice is Issue Security and trust your admins.

Administrators could still disable/remove the plugin.

I don't think there's any answer other than "You have to trust your administrators". I suspect that applies to all software, there's always a way for "root" to do something.

Agree with Nic here. They can still uninstall the plugin. But most people do things accidently and won't try it if they are blocked from doing it ;)

For example, if a page is protected, most people won't get around it by uninstalling the plugin that protects it.

I have to agree with both Jobin and Nic.

Seperate Jira instances might be an answer, but that's costly to maintain.

Best regards,

Peter

It would seem that jprotect only works for webwork actions for now and is also not available on Atlassian OnDemand or have I got something wrong?

Yes, it's only for webwork actions, although a lot of Jira is controlled that way.

It is definitely *not* available in OnDemand.

Setup a separate JIRA instance in a separate database and establish one of the "legit" users as admin.

IMO you have a big problem if you don't trust your sysadmin/dbas ... they always can find paths to access that info if they want (i.e export jira database and import into a stagging env, access directly to the db, ...)

We can use permission schemes

1) create a group for the project and add menmbers who should see this project

2) Restrict the "Browse Permission" under Permission Scheme for the project to the above created group.

Hope this helps.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,313 views 12 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you