As explained earlier, the starting point of using issue security is the issue security scheme. It is the responsibility of the JIRA administrator to create and design the security levels so they can be reused as much as possible:
JIRA does not come with any predefined issue security schemes, so you will have to create your own from scratch. Perform the following steps to create a new issue security scheme:
Since the issue security scheme does not define a set of security levels like the permission scheme, you will need to create your own set of security levels right after you create your scheme.
Unlike permission schemes that have a list of predefined permissions, with issue security schemes, you are in full control over how many options you want to add to the schemes.
The options within an issue security scheme are known as security levels. These represent the levels of security that users need to meet before JIRA will allow them access to the requested issue. Note that even though they are called security levels, it does not mean that there are any forms of hierarchy amongst the set of levels you create.
Perform the following steps to configure an issue security scheme:
From here, you can create new security levels and assign users to existing security levels.
Since issue security schemes do not define any security levels, the first step to configure your scheme would be to create a set of new security levels:
You can add as many security levels as you like in a scheme. One good practice is to design and name your security levels based on your team or project roles, for example, developers only.
Similar to permission schemes, once you have your security levels in place, you will need to assign users to each of the levels. Users assigned to the security level will have permissions to view issues with the specified security level:
While it may be tempting to use the Single User option to add individual users, it is a better practice to use other options such as Project Role and Group as it is more flexible by not tying the permission to individual users and allows you to control permission with options such as group association.
You can set a security level to be the default option for issues if none are selected. This can be a useful feature for projects with a high-security requirement to prevent users (with Set Issue Security permission) from forgetting to assign a security level for their issues:
Once set as default, the security level will have Default next to its name. Now, when the user creates an issue and does not assign a security level, the default security level will be applied.
Just like permission schemes, the project administrators apply issue security schemes to projects. Applying the issue security scheme is similar to applying the workflow scheme, where there is an intermediate migration step involved. This is to ensure that existing issues with set issue security levels can be successfully migrated over to the new security levels in the scheme: