Thanks for taking the time to respond. I had hoped that clients could just @mention anyone that is assigned to their project and not see any other People tabs or people not related to their project. 

With APRA regulations and tightening security I don't want clients to see any other client data even if it is just their name.

They LOVE the @mention feature though so hopefully maybe there will be something in the future that is locked down to project permissions.

What "issue"?

Jira lets you share your issues, so everyone can see the problems.  What is wrong with "client A has a problem, not sure B does, but let's be open that they do"?

Hello Nic,

the issue is, that there are deployment scenarios, where this "openness" is not tolerable, e.g. from data privacy perspective, or simply from company policy perspective.

Example: Software supplier Awesome software Ltd offers a Jira installation to all their customers (B2B, no B2C). For every customer a separate project is being created where the following people can access

• Account management from supplier
• Technical support from supplier
• Support staff from customer

Now I want to enhance the user experience for the customer support staff allowing them to mention my staff in comments. This at the moment is only possible by granting them global permissions, which then would also allow them to see/browse people from support staff from other customers. But it is against my policy, that they get access to contact details for other customer's person, maybe I do not prefer to disclose whom my customers are, but maybe also other customers do not want to be disclosed.

PS: it is also subject of this CR: JRASERVER-69026

That seems like quite a foolish policy to me - it tells me that you have no trust in your organisation.  

But yes, Jira doesn't support your case, and I don't think it ever will.  The improvement request you've got there won't be implemented in a way that solves your problem, if it ever makes it into the "yes, do this" list.

Hi Nic,

I guess there is a misunderstanding. From my organisation, which provides  the Jira instance, all users are open. But what I want to avoid is disclosing information, even contact information, between my customers. Neither nor do I want this.

Regards

Philip

Customers should never be able to see other users, so there's no actual problem here.

Customers can, if they are granted the global "browse users" permission. And this is required to "properly" use the "mention" functionality. Otherwise they need to manually enter the user in the comment box. With "properly" I mean here that it offers auto-completion for user name.

The ideal solution would be that the auto-completion only suggests users from the same project...

Ah, sorry, when you said "customers", I assumed you meant Service Management "customers".

You don't mean customers, you mean "people we are collaborating with in Jira".

"browse for people in the same project" simply isn't useful, and will never be implemented.  Different end users have different definitions of "in the project", and it's too variable to be of much, plus it's damn hard to code for.

I think the best you'll ever get is something to do with "I can nominate people in my team" (which you can't define with groups because everyone is in a "can log in" group)

Hi Nic,
Why can a user without browse user permission still mention another user in a comment using the notation [~user.name], but the system doesn't send an email to the mentioned user? The mentioned user is known at that point. What does sending an email have to do with browsing users anymore?