set visibility of certain issues to reporter and assignee(s) only

Hello there.

 

This is my first question here, so please bear with me if i'm doing something wrong.

 

I'm searching a solution for the following problem:

Some issues may contain personal data and therefore their visibility should be limited to certain people. This is relevant for any project we are having. Using a security level and adding these people is not feasible because they can be different based on the type of project or even based on the type of issue and my change very often.

 

This is what the solution should look like:

When creating a new issue there should be a checkbox or field that states, that this issue should only be visible for certain people like reporter, current assignee and past assignee(s) - (and maybe administrators too). But this should only apply to this specific issue, not to the whole project.

 

I found this question Issue Security - 'participants' only permission which is kind of similar.

 

Thanks in advance for any help you can provide!

1 answer

0 votes

Apart from "checkbox", you have pretty much defined "security level", so I'm not sure why you can't use that.  

The older question you've found discusses the "past assignee" problem you have, which you can't quite fix without a bit of code, but the rest of your question is screaming "use security level".

Could you explain why you think security levels are not the way to do this?

From what I have unterstood, security levels work like groups and relevant people have to be in these different groups.

But at the time issues are created, we don't know which people will be working on them.

Let's assume we have projects P1 and P2 and further let's assume we have Person A, B, C, D and E.

In general, everyone can see any issue.

But now A creates an issue in P1 that contains personal data and assigns it to E to work on it. Issue should only be visible to A and E.

In P2 another issue which contains personal data is created by B and is assigned to D to work on it. This should only be visible to B and D.

Using a security level which A,B,D and E are part of, would make both issues visible to all these people.

Later in P1 another issue with personal data is created by A but now assigend to C to work on it.

Now I would have to edit the security level participants and add C and he would also see thoser other issues mentioned before.

And finally issues without personal data are created in different projects, those should be visible to all people.

No. Security levels *can* be done by group, but that is not the only option. You can use project roles, dynamic roles (assignee/reporter), and user or group custom fields as well. So, the answer is to define a security level to say "only reporter and assignee" (and participants), don't use any groups in it and you're done.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,105 views 13 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot