Why should we restrict Jira issue?
Typically Jira instance will be opened to non-developers like Customer Support, partners, QA and in some cases to Customers also. When a critical issue like security issue on our application is reported on Jira, we don't want non developers, especially partners/customers to view it. But still we may require other non-critical issues in our Jira project to be visible to all the members.
Solution:
1) We can restrict entire Jira project by creating a issue security scheme and appling it to a project.
2) We can make selective issues to be restricted.
In this blog, I'll describe to do the option 2.
1) Create an issue security scheme
Administration -> Issues -> Issue Security Schemes -> Add Issue Security Scheme -> enter a name & description -> Add
2) Add a security level to an issue security scheme
Administration -> Issues -> Issue Security Schemes -> Select your scheme -> Security Levels -> Add Security Level -> enter name and description (Ex: Development, Only developers can see this issue)
3) Add Users/Groups/Project Roles to a Security Level
Administration -> Issues -> Issue Security Schemes -> Select your scheme -> Security Levels -> Locate your security level -> Add -> Select the appropriate user, group or project role -> Add ( I selected a group, which has 5 members)
4) Assign an issue security scheme to a project
Administration -> choose your project from Projects -> Permissions -> Issues (None/Your issue security scheme) -> Select the issue security scheme that you want to associate with this project -> Associate
5) Setting Security on an Issue
Create/edit the relevant issue -> In the 'Security Level' drop-down field, select the desired security level for the issue -> When you save the issue, the issue will then only be accessible to members of that Security Level
Don't find 'Security Level' drop-down field on your issue? Here is what you need to do.
6) Modify your project permission scheme to allow users to set security levels
Administration -> Issues -> Permission Schemes
You can copy existing permission scheme and modify it or create new one. I prefer copy/modify
Select your permission scheme of your interest -> Copy -> It will create a copy -> Edit & provide name & description
Click permission -> Locate Set Issue Security -> Add -> I added a Group and Project Lead
This will allow your group members and Project Lead to set security levels on issue
7) Associate new permission scheme to your project
Administration -> choose your project from Projects -> Permissions -> Scheme -> Actions -> Use a different scheme
8) Add Security Level field to your project screen
Administration -> choose your project from Projects -> Screens -> Click on the screen scheme (MyORG Screen scheme) -> Select Screen (Defect screen) -> Add Field -> Select Security Level -> Add
Now you should be able to find security level field on your issue. Follow Step 5, your issue shouldn't be visible to all.
Typically Jira instance will be opened to non-developers like Customer Support, partners, QA and in some cases to Customers also. When a critical issue like security issue on our application is reported on Jira, we don't want non developers, especially partners/customers to view it. But still we may require other non-critical issues in our Jira project to be visible to all the members.
Solution:
1) We can restrict entire Jira project by creating a issue security scheme and appling it to a project.
2) We can make selective issues to be restricted.
In this blog, I'll describe to do the option 2.
1) Create an issue security scheme
Administration -> Issues -> Issue Security Schemes -> Add Issue Security Scheme -> enter a name & description -> Add
2) Add a security level to an issue security scheme
Administration -> Issues -> Issue Security Schemes -> Select your scheme -> Security Levels -> Add Security Level -> enter name and description (Ex: Development, Only developers can see this issue)
3) Add Users/Groups/Project Roles to a Security Level
Administration -> Issues -> Issue Security Schemes -> Select your scheme -> Security Levels -> Locate your security level -> Add -> Select the appropriate user, group or project role -> Add ( I selected a group, which has 5 members)
4) Assign an issue security scheme to a project
Administration -> choose your project from Projects -> Permissions -> Issues (None/Your issue security scheme) -> Select the issue security scheme that you want to associate with this project -> Associate
5) Setting Security on an Issue
Create/edit the relevant issue -> In the 'Security Level' drop-down field, select the desired security level for the issue -> When you save the issue, the issue will then only be accessible to members of that Security Level
Don't find 'Security Level' drop-down field on your issue? Here is what you need to do.
6) Modify your project permission scheme to allow users to set security levels
Administration -> Issues -> Permission Schemes
You can copy existing permission scheme and modify it or create new one. I prefer copy/modify
Select your permission scheme of your interest -> Copy -> It will create a copy -> Edit & provide name & description
Click permission -> Locate Set Issue Security -> Add -> I added a Group and Project Lead
This will allow your group members and Project Lead to set security levels on issue
7) Associate new permission scheme to your project
Administration -> choose your project from Projects -> Permissions -> Scheme -> Actions -> Use a different scheme
8) Add Security Level field to your project screen
Administration -> choose your project from Projects -> Screens -> Click on the screen scheme (MyORG Screen scheme) -> Select Screen (Defect screen) -> Add Field -> Select Security Level -> Add
Now you should be able to find security level field on your issue. Follow Step 5, your issue shouldn't be visible to all.