When you have a mixed group of users such as internal employees and outside consultants working on the same JIRA project, there will be issues with sensitive information that should only be viewed by internal employees. In these cases, you would want to mark those issues as internal only so other people cannot see them.
In this recipe, we will look at how to set up permissions to control access at issue level with issue security schemes.
The steps for setting up issue-level permissions are as follows:
The following screenshot shows three existing security levels. You add a new security level from the form at the bottom:
The following screenshot displays the different options you have while granting security levels:
The issue security scheme allows you to control who can access individual issues based on the security levels set. Issues with a security level can only be viewed by those who meet the criteria. Note that subtasks will inherit security levels from their parent issues.
Once we have applied the issue security scheme to a project, users with the Set Issue Security permission will be able to select a security level while creating and editing issues, as shown in the following screenshot.
It is also worth mentioning that you can only select security levels that you belong to. For example, if there are two security levels, A and B, security level A is granted to the jira-administrators group and security level B is granted to the jira-users group. Now, as a member of the jira-users group, you will only be able to select security level B.
For a user who meets the criteria for the selected security level, he or she will be able to view the issue normally. However, if a user who does not meet the criteria tries to view the issue, he or she will get a permission violation error, as shown in the following screenshot: