how to associate a security level to a single issue inside a project?

Hi,

I am new as JIRA administrator and still in learning mode. 

I am trying to figure out how to restrict the visibility of a few issues part of a JIRA Project to a selected group of user. I followed the https://confluence.atlassian.com/adminjiraserver072/configuring-issue-level-security-829827025.html instruction. However, it looks like these instructions allow to assign an issue security scheme to a whole project, not to a single issue inside a project. 

Although this question looks very basic, I am very confused. Can visibility be restricted at issue level, or at project level only? In the former case, how to do it?

thanks for any help 

3 answers

Hi Paolo.

Issue security scheme is assigned to a project, however, the scheme contains levels that allows you to restrict issue visibility.

For example, if you have an Issue security scheme called Customers that contains 2 security levels:

  • Internal: assigned to project role "Team members"
  • External: assigned to project role "Team members" and to project role "Customers" 

If you assign this Issue security scheme to a project, and every time an issue is created you (or automatically) set the Security level = Internal, only those who are members of the Team members project role will be able to see that issue. On the other hand, if an issue has set Security level = External, both Team members and Customers will be able to see it.

Regards!

how to add the two security levels to the same issue security scheme?

After creating the scheme, on the right side of the screen you´ll see Security levels link, click it and then define the levels (my recomendation is no more than 2), and then for each level you created, add to it who will have visibility (I normaly use project roles).

 

0 vote

You have to assign the scheme to the whole project, it makes no sense to apply it to a single issue. The point of the scheme is to enable you to selectively secure/hide issues within the project.

To do that you set the "level" field on the issue you want to secure.  The levels available are determined by the scheme you set up.

 

Thanks! It looks to me you Nic and Aylin have different opinions on this. I tried to follow Aylin suggestions but couldn't find a way to to assign both the security levels to the same project. 

What is really confusing is that the help webpage I put in my original comment refers to "issue level security", while, as far as I understand, it is project level security. Am I wrong?

We don´t have different opinions, I said pretty much the same as Nic smile

Nope, we posted different explanations of the same thing at about the same time.

The thing you seem to be missing is that a scheme is a configuration pattern you apply to a project.  The security scheme tells the project how to do issue security.

So, if you define a scheme that has three levels (Let's say Red, Amber, Green), then all your issues in the project will have a field with those three levels in it.  To protect/hide an issue, select the appropriate level.  (No level means "anyone who can browse the project can see it")

thanks for the clarification. Yep, I am missing something yet... I have been a JIRA user for many years but setting up things is a completely different problem.

Still trying to sort this... sad

I'm really not sure where you are stuck.  Could you explain? 

Have you created a scheme and applied it to the project?

Thanks again for your help.

Yes, I applied two of them to the same project now. However, I couldn't find the way to select the scheme in a particular issue.

And yes, I know I am confused. For some reason the whole process looks to me confusing... probably I have yet to adapt to it.

I'm totally lost now.  I don't understand why you keep coming back to putting schemes on issues when we've told you that's not how it works.

You can not "apply two schemes to a project".   Projects have a single scheme.  Issues do not have schemes, because the scheme is set on the project.

The scheme tells the issues in the project what levels are available, and the levels are rules for "who can see this issue".

Let me better explain what I have done so far:

  • I created an Issue Security Scheme (let call it "ISS") containing two groups: "All" and "Managers"
  • I applied ISS to my project (let call it TEST)
  • Now, I want for example issue TEST-1 to be visible to All, and issue TEST-2 to be visible to "Managers" only.

The problem is that I do not find the option to set TEST-1 to "All" and TEST-2 to Managers in each issue. Where is it? 

I am now trying to figure out how to set "rules". That was the missing information so far... 

 

Hi Paolo.

Now the TEST project has an ISS associated, each issue should have the field Security level where you can set the level of the security (in your case, All and Managers)

If you don´t see this field, you have to add it to screens.

Regards! Aylin.

Ok, leave TEST-1 alone - no security level means it just follows the permission scheme's rule for who can see the project.  You don't need the "all" group at all, I'd drop it to keep things simple.

For TEST-2, set the level to the level you have defined in the security scheme that limits it to Managers

One other thing we may have missed - as well as having the level on screen

  • You must have the permission to set the security level (check the permission screen)
  • You have to match the rule for a level in order to set it.  For TEST-2, you need to be a Manager!

I checked the permission and found:

Set Issue Security
Ability to set the level of security on an issue so that only people in that security level can see the issue.
  • Project Role (atlassian-addons-project-access)


I still cannot see a "level" field in an issue. If I change the permission scheme to my custom one  the Users / Groups / Project Roles column is empty. 

Do you have "set issue security" permission AND are in one or more of the levels in the secuirty scheme?

how to? I cannot find a "set issue security" anywhere.

May be relevant also that when I select an issue, and edit it, at the very end of the pop-up window there is a field called "Viewable by All Users". On the left side I can see a lock symbol. If I switch on it there are 3 options available:

 

  • All Users
  • Project Roles
  • Administrators

However, the 2nd (Project Roles) is in bold and not clickable. 

Note that I also created a Project Role with the selected group of people. 

It is in the permission scheme for the project, as we've already discussed.  You need to check the permissions and what the security scheme says.

The popup is talking about the comment you are making, it is nothing to do with the issue security.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Julia Dillon
Posted Tuesday in Jira

Tell us how your team runs on Jira!

Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...

135 views 1 17
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you