We are using a Jira project as an incident management tool and want to link issues from other projects (same server) to the issues in this incident management tool.
The users creating issues in the incident management project are not allowed to browse the other projects, as they are software development or test management projects with too much specific detail.
We expected the title and status of the other issues to show, but they don't. To the user of the incident management project, it looks like there's nothing linked at all.
Is there a way to show the title and status of the linked issues without granting access to the other projects?
That cannot be done. If you cannot see the issue at the other end of a link, you should not be able to leak data about it just because there is a link into it from somewhere else.
If you want to see information about a linked issue, you have to let the person see it.
I would have expected the link to show and an error message when trying to open it ("you don't have permission to view this issue").
Is it not even possible to show the ID of the linked issue? When I send a link to a Jira issue via mail, the ID is shown in the URL, too. The ID doesn't seem to be a sensitive information...
Is there a request somewhere to vote on to get this behaviour changed? It is rather stupid to not show at least the issue id of ALL linked issues regardless of permissions. And I will note that this would not leak any information as you can actually see it in the "History" tab of the issue. It just is a pain to find there when it should be listed on the linked issues section.
Nic, that is already being leaked. Look in the "History" tab. What is and is not leaked should be configurable as a new permission level that shows a subset of data that "browse issue" gives. But that is for Atlassian to decide to implement or not. In the meantime, we hack around it. :)
Alternatively, I believe allowing someone to "link to my issues" should give them access to see just the fields that issue links show (key, summary, status, priority). Really, linking should not rely an the "browse" permission. Overall, it is the conflating of these permissions that makes administering Jira messier than it ought to be.
For anyone that comes across this, the best I could find was this issue: JSDSERVER-3816
The current implementation is a big bummer for our teams, we frequently get asked why a ticket seems not to be worked on because users cannot track the status of the blocking ticket which lies in another restricted project...
These two Requests are currently "gathering interest", but the request unfortunately was already denied by Atlassian devs in the past, so I'm not confident, this will be implemented anytime soon...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events