Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Issue security scheme and level

Ambica Seshasayee
Ambica Seshasayee December 10, 2019

The requirement:

We have qualified a few issues across projects as secure issues which needs to be seen only by the assignee and reporter of the issue. The projects' Security Scheme has a level created called "Secure" so that issues that are moved to that level have only assignee and reporter access.

However, since this configuration can only be done by a System Administrator(s), it is open to errors or vulnerabilities if the sys admins inadvertently add any additional users to this level. The assignee and reporter of the issues marked "Secure" wouldn't possibly be aware of more users being able to access their secure issue.

1. Whats the best way to revert or disable any change to the "Secure" level by Sys Admins whose only users can be assignee and reporter?

2. How can assignee and reporter know who all can access their secure issue from the issue itself?

Thanks,

Ambica

Answer
Watch
Like Be the first to like this
289 views

1 answer

0 votes
John Funk
John Funk
Community Champion
December 11, 2019

Hi @Ambica Seshasayee - You might try changing the Permission Scheme to not give Sys Admins wholesale access to those Projects. Use Project Roles for the Browse Projects values to limit who can see the projects. If a Sys Admin needs access to the project, he/she should be placed in a project role by name and not as the Administrators group.

For number 2, if only the Assignee and Reporter can see the issue based on the security scheme, then they already know who has access. 

That being said, we have created additional custom fields called Needs Access, Needs Access2, etc. The security scheme allows anyone in those fields to see the issue. But only people who can already see the issue can add people into those fields - you can't add yourself, for example. 

I hope that helps!

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.