
Show linked issues without having permissions in other project

Susanne Grein
I'm New Here
February 28, 2018

We are using a Jira project as an incident management tool and want to link issues from other projects (same server) to the issues in this incident management tool.

The users creating issues in the incident management project are not allowed to browse the other projects, as they are software development or test management projects with too much specific detail.

We expected the title and status of the other issues to show, but they don't. To the user of the incident management project, it looks like there's nothing linked at all.

Is there a way to show the title and status of the linked issues without granting access to the other projects?

2 answers

0 votes
Jonas
I'm New Here
February 17, 2021

The current implementation is a big bummer for our teams, we frequently get asked why a ticket seems not to be worked on because users cannot track the status of the blocking ticket which lies in another restricted project...

These two requests are currently "gathering interest", but the request unfortunately was already denied by Atlassian devs in the past, so I'm not confident this will be implemented anytime soon...

https://jira.atlassian.com/browse/JRASERVER-60636
https://jira.atlassian.com/browse/JRACLOUD-60636

0 votes
Nic Brough -Adaptavist-
Rising Star
February 28, 2018

That cannot be done.  If you cannot see the issue at the other end of a link, you should not be able to leak data about it just because there is a link into it from somewhere else.

If you want to see information about a linked issue, you have to let the person see it.

Susanne Grein
I'm New Here
February 28, 2018

That's unfortunate. 

I would have expected the link to show and an error message when trying to open it ("you don't have permission to view this issue"). 

Is it not even possible to show the ID of the linked issue? When I send a link to a Jira issue via mail, the ID is shown in the URL, too. The ID doesn't seem to be sensitive information...

Raymond Rabu
Contributor
July 7, 2020

Is there a request somewhere to vote on to get this behaviour changed? It is rather stupid to not show at least the issue id of ALL linked issues regardless of permissions. And I will note that this would not leak any information as you can actually see it in the "History" tab of the issue. It just is a pain to find there when it should be listed on the linked issues section.

Nic Brough -Adaptavist-
Rising Star
July 8, 2020

Yes, and it's closed with the point that it is not secure.  Even the information that the linked issue exists can be a security leak.

Raymond Rabu
Contributor
July 8, 2020

Nic, that is already being leaked. Look in the "History" tab. What is and is not leaked should be configurable as a new permission level that shows a subset of data that "browse issue" gives. But that is for Atlassian to decide to implement or not. In the meantime, we hack around it. :) 

Alternatively, I believe allowing someone to "link to my issues" should give them access to see just the fields that issue links show (key, summary, status, priority). Really, linking should not rely on the "browse" permission. Overall, it is the conflating of these permissions that makes administering Jira messier than it ought to be.

For anyone that comes across this, the best I could find was this issue: JSDSERVER-3816

Bin
Rising Star
May 16, 2024

There is no data leaking with a new permission level that allows individuals to see the linked issues with those fields already there: key, summary, priority, assignee, and status.

Or even a project setting to allow all issues in the project to be seen by any individual via the linked issues section.

Nic Brough -Adaptavist-
Rising Star
May 16, 2024

I am sorry, but that is utterly wrong.

There is data leakage if you can see bits of an issue that you should not be able to see.  

If I cannot see ABC-123, but I can read its summary, assignee and status if I look at an issue that is linked to it, then the summary, assignee and status have been leaked to me.

There absolutely is leakage of data.

If you want to do this, you really should just admit that the user should be given access to see the issue at the other end of the link.  Not create security loopholes.

Raymond Rabu
Contributor
July 8, 2024

And that is already getting leaked. Don’t take my word on it; look for yourself in the history tab.
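
Added example, not part of any post in this thread: a check an administrator could run to measure the History-tab exposure discussed above. It scans an issue's change history for link entries that name issues in projects a given user cannot browse. The changelog layout (a `histories` list whose link items carry the issue key in `from`/`to`) and the project keys `INC` and `DEV` are assumptions, and the sample data is constructed.

```python
import re

# Constructed sample, shaped like the "changelog" object of an issue
# exported with its change history (layout is an assumption, see lead-in).
SAMPLE_CHANGELOG = {
    "histories": [
        {"created": "2020-07-07T09:12:00.000+0000",
         "items": [{"field": "status", "from": "1", "fromString": "Open",
                    "to": "3", "toString": "In Progress"}]},
        {"created": "2020-07-07T09:15:00.000+0000",
         "items": [{"field": "Link", "from": None, "fromString": None,
                    "to": "ABC-123",
                    "toString": "This issue is blocked by ABC-123"}]},
        {"created": "2020-07-08T10:00:00.000+0000",
         "items": [{"field": "Link", "from": None, "fromString": None,
                    "to": "INC-7",
                    "toString": "This issue relates to INC-7"}]},
        # A removed link still leaves the key behind in the history.
        {"created": "2020-07-09T08:30:00.000+0000",
         "items": [{"field": "Link", "from": "DEV-42",
                    "fromString": "This issue relates to DEV-42",
                    "to": None, "toString": None}]},
    ]
}

# PROJECTKEY-number; group 1 is the project key.
ISSUE_KEY = re.compile(r"\b([A-Z][A-Z0-9_]*)-\d+\b")


def exposed_link_keys(changelog, browsable_projects):
    """Return sorted issue keys that appear in link history entries but
    belong to projects outside `browsable_projects`."""
    exposed = set()
    for history in changelog.get("histories", []):
        for item in history.get("items", []):
            if item.get("field") != "Link":
                continue  # only link add/remove entries are of interest
            for side in ("from", "to", "fromString", "toString"):
                for match in ISSUE_KEY.finditer(item.get(side) or ""):
                    if match.group(1) not in browsable_projects:
                        exposed.add(match.group(0))
    return sorted(exposed)


if __name__ == "__main__":
    # Viewer may browse only the (hypothetical) incident project INC.
    for key in exposed_link_keys(SAMPLE_CHANGELOG, {"INC"}):
        print("visible in history but not browsable:", key)
```

An empty result for a user means the issue's link history names nothing outside the projects that user can already browse.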
