security scheme and issue search

I created a security scheme according which only the user can see only the issues where the customfield Region has the value of his region (i.e. the user in the group RegionA can see only the issues where the Region customfield value is RegionA).

But each user doesn't remember the issue_key and each user needs to search in the issues or at least, after he logs in, to see the list of the issues he can see.

But with the security scheme enabled, the users cannot do serach and no issues are shown in the dashboard where the last changed issues are usually shown.

How may I enable the issue sarch at least among the issues having the related region value ?

Is this possible ?

7 answers

1 accepted

0 votes
Accepted answer

Last info about this problem.

I tested it unsuccessfully on Jira 6.0.1. The issue search shows nothing if a security level is of type Group Custom Field Value: the query shows the "No issues were found to match your search" message while each issue is reachable writing its url in the navigation bar.

If I use a security level of type "reporter" instead, it works: the issue search shows all the issues created by the user executing the search.

I just checked better and it's a jira bug

0 votes

The point of a security scheme is that it hides issues that the user can not see. You can't search for something you can't see.

So, I'm afraid Jira is doing exactly the right thing here - not leaking information you've chosen to hide.

Or have I misunderstood the problem?

You could be right, but let's suppose my project has 100 issues, and 50 of them can be browsed from users belonging to groupA and the other 50 from users belonging to groupB. And this is ok.
But if I belong to groupA and I don't remember the issuekey of all my 50 issues, I could at least have the chance to have a list of the issues I can browse according my security scheme.

This is my real problem. Is there any way to get this? Maybe also writing a my own plugin ?

You don't need to. Search the project for everything and the users in groupA will see their 50, and not the ones for groupB because they're hidden. There's no need to involved the security level at all.

If you have complex security schemes or you're using it as data as well as to just hide issues, then you can search by it. If, for example, you've got security levels of "Badger", "mushroom" and "snake", then you can use the advanced phrase "level in (badger, mushroom)" and your user will get a list of issues with badger or mushroom. BUT, only if they can see issues in badger or mushroom. Which is what security is for - it hides the issues from view and search.

Hic, this is the behaviour I expected but my query

project = PRJ AND level in ("PRJ security level")

returns no issue. Maybe I've still something wrong, since when I remove the security scheme the issues are returned

Ok, but does your account have the rights to see things in that security level?

I think yes, because if I put in the address bar the direct link to the issue that I'm enabled to browse I see them, and if I put all the others I get a violation error. The problem is only from a global point of view: I can neither search nor to get the list of the current "browsable" (from my account) issues.

I have this problem both on Jira4.1.1 and in Jira6.0

0 votes

Hi Francesco,

  • Can you confirm that you belong to the security level "PRJ security level", that is, you either belong to a group (or your user account) has been added directly to this security level. JIRA only allows you to search for issues or use security levels in a search query, that you actually belong to.
  • Can you be more specific about the error you're getting when you try to search for issues using the security level?
  • If you are actually able to directly access issues belonging to a security level by directly entering the URL in your browser, and yet can't find those same issues using the security level in the search query, you probably need to raise a ticket on to look into it properly.

I'm back on this problem. Sorry for my delay but I had some other bugs to solve :)

I found how to bypass it in Jira 4.1.1 I'll try to explain to have more help from any of you.

I read about the JRA-27590 bug and I tried to find a solution thinking to it. Well, the cf I check is a multi-select list with values like "1234 - Training North", "2345 - Training South" and so on

If I put my user (a local user) into a group named "1234 - Training North" I have the behaviour I described above that is the smae in JRA-27590. But if I put the user into a group named "1234 - training north" all is ok: the issues search shows me as results ONLY the projects havint the cf with value "1234 - Training North" (look at the capital letters)
So I have to put in lower letters only the name of the goup.

I opened with vi the binary indexes files where I found the word "training": well, in one file I found the cf values written both in capital and all in lower letters. I don't know which is the way the cache files are wtitten, but this is all I found. I also tried to follow the jira source code during the search but I really was not able to find any check vs the content of the cf.

Now I'm going to investigate this problem on Jira 6.0.1 where I'm having the same problem

P.S @Taiwo I do not get any error; I simply have "No issues were found to match your search" as result of my query

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,124 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you