I'm using JIRA Cloud hosted version. We want to setup a security level for a few users. The security level allows these users to only view their own created issues, or when they are assigned to an issue. Now this isn't working, I've followed numerous guides, such as this one, but it's not working. In the end a user can still see all the issues. I'm not sure if this is a bug, or that I'm making a mistake somewhere along the line. I would love for a Atlassian employee to watch along and provide tips and/or confirm if this is actually a bug or not.
Just a little suggestion, instead of using Security Level, you can use Permission Scheme.
All you have to do is change the 'Browser Projects' permission to only allow the 'reporter' to see it. You can add other permissions, like the assignee and the administrators to this permission, so they can also see it (and the administrators will be able to see all of them), as long as groups and project roles that give access to anyone are not there.
This is easier than Security Level.
I hope it's helpful.
Jaime Kirch da Silveira
Atlassian Cloud Support
@Jaime Silveira In Jira Cloud, as much as I've tested, the permission subject 'Reporter' doesn't seem to work as expected. Instead of referring to "the person who was the reporter of one or more specific issues", it seems to act as a much wider "group of people who have Create Issue permission". Therefore, I think it is not possible to make a user browse only the issues created by himself just through the configuration of his permissions. I read somewhere else that the 'Reporter' subject was changed in order to avoid issues related to recursive reference, like granting 'Create Issue' permission just to the 'Reporter' of that issue; as it would be an issue which does not exist yet, no one could actually create issues with that configuration. Could you clarify this?
Thanks for your reply and your suggestion. I have a second question:
I've tried searching the documentation but is there a way to let a particular group of users see only x issues based on a certain field. So if field x is chosen, users from group x can only see those issues? And if y is chosen, users from group y can see that?
Some issues belong to company x, some to y, some to z etc. And I want those issues to be invisible to users of a different company. Could you let me know what the best practice is for this, if possible at all?
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events