I'm back on this problem. Sorry for my delay but I had some other bugs to solve :)

I found how to bypass it in Jira 4.1.1 I'll try to explain to have more help from any of you.

I read about the JRA-27590 bug and I tried to find a solution thinking to it. Well, the cf I check is a multi-select list with values like "1234 - Training North", "2345 - Training South" and so on

If I put my user (a local user) into a group named "1234 - Training North" I have the behaviour I described above that is the smae in JRA-27590. But if I put the user into a group named "1234 - training north" all is ok: the issues search shows me as results ONLY the projects havint the cf with value "1234 - Training North" (look at the capital letters)
So I have to put in lower letters only the name of the goup.

I opened with vi the binary indexes files where I found the word "training": well, in one file I found the cf values written both in capital and all in lower letters. I don't know which is the way the cache files are wtitten, but this is all I found. I also tried to follow the jira source code during the search but I really was not able to find any check vs the content of the cf.

Now I'm going to investigate this problem on Jira 6.0.1 where I'm having the same problem

P.S @Taiwo I do not get any error; I simply have "No issues were found to match your search" as result of my query

Hi Francesco,

• Can you confirm that you belong to the security level "PRJ security level", that is, you either belong to a group (or your user account) has been added directly to this security level. JIRA only allows you to search for issues or use security levels in a search query, that you actually belong to.
• Can you be more specific about the error you're getting when you try to search for issues using the security level?
• If you are actually able to directly access issues belonging to a security level by directly entering the URL in your browser, and yet can't find those same issues using the security level in the search query, you probably need to raise a ticket on http://support.atlassian.com to look into it properly.

I think yes, because if I put in the address bar the direct link to the issue that I'm enabled to browse I see them, and if I put all the others I get a violation error. The problem is only from a global point of view: I can neither search nor to get the list of the current "browsable" (from my account) issues.

I have this problem both on Jira4.1.1 and in Jira6.0

Hic, this is the behaviour I expected but my query

project = PRJ AND level in ("PRJ security level")

returns no issue. Maybe I've still something wrong, since when I remove the security scheme the issues are returned

You could be right, but let's suppose my project has 100 issues, and 50 of them can be browsed from users belonging to groupA and the other 50 from users belonging to groupB. And this is ok.
But if I belong to groupA and I don't remember the issuekey of all my 50 issues, I could at least have the chance to have a list of the issues I can browse according my security scheme.

This is my real problem. Is there any way to get this? Maybe also writing a my own plugin ?

The point of a security scheme is that it hides issues that the user can not see. You can't search for something you can't see.

So, I'm afraid Jira is doing exactly the right thing here - not leaking information you've chosen to hide.

Or have I misunderstood the problem?