Typically Jira instance will be opened to non-developers like Customer Support, partners, QA and in some cases to Customers also. When a critical issue like security issue on our application is reported on Jira, we don't want non developers, especially partners/customers to view it. But still we may require other non-critical issues in our Jira project to be visible to all the members.
1) We can restrict entire Jira project by creating a issue security scheme and appling it to a project.
2) We can make selective issues to be restricted.
In this blog, I'll describe to do the option 2.
1) Create an issue security scheme
Administration -> Issues -> Issue Security Schemes -> Add Issue Security Scheme -> enter a name & description -> Add
2) Add a security level to an issue security scheme
Administration -> Issues -> Issue Security Schemes -> Select your scheme -> Security Levels -> Add Security Level -> enter name and description (Ex: Development, Only developers can see this issue)
3) Add Users/Groups/Project Roles to a Security Level
Administration -> Issues -> Issue Security Schemes -> Select your scheme -> Security Levels -> Locate your security level -> Add -> Select the appropriate user, group or project role -> Add ( I selected a group, which has 5 members)
4) Assign an issue security scheme to a project
Administration -> choose your project from Projects -> Permissions -> Issues (None/Your issue security scheme) -> Select the issue security scheme that you want to associate with this project -> Associate
5) Setting Security on an Issue
Create/edit the relevant issue -> In the 'Security Level' drop-down field, select the desired security level for the issue -> When you save the issue, the issue will then only be accessible to members of that Security Level
Don't find 'Security Level' drop-down field on your issue? Here is what you need to do.
6) Modify your project permission scheme to allow users to set security levels
Administration -> Issues -> Permission Schemes
You can copy existing permission scheme and modify it or create new one. I prefer copy/modify
Select your permission scheme of your interest -> Copy -> It will create a copy -> Edit & provide name & description
Click permission -> Locate Set Issue Security -> Add -> I added a Group and Project Lead
This will allow your group members and Project Lead to set security levels on issue
7) Associate new permission scheme to your project
Administration -> choose your project from Projects -> Permissions -> Scheme -> Actions -> Use a different scheme
8) Add Security Level field to your project screen
Administration -> choose your project from Projects -> Screens -> Click on the screen scheme (MyORG Screen scheme) -> Select Screen (Defect screen) -> Add Field -> Select Security Level -> Add
Now you should be able to find security level field on your issue. Follow Step 5, your issue shouldn't be visible to all.