As explained earlier, the starting point of using issue security is the issue security scheme. It is the responsibility of the JIRA administrator to create and design the security levels so they can be reused as much as possible:
- Browse to the JIRA administration console.
- Select the Issues tab and then the Issue security schemes option to bring up the Issue Security Schemes page:
JIRA does not come with any predefined issue security schemes, so you will have to create your own from scratch. Perform the following steps to create a new issue security scheme:
- Browse to the Issue Security Schemes page.
- Click on the Add Issue Security Scheme button.
- Enter a name and description for the new scheme.
- Click on the Add button to create the new issue security scheme.
Since the issue security scheme does not define a set of security levels like the permission scheme, you will need to create your own set of security levels right after you create your scheme.
Unlike permission schemes that have a list of predefined permissions, with issue security schemes, you are in full control over how many options you want to add to the schemes.
The options within an issue security scheme are known as security levels. These represent the levels of security that users need to meet before JIRA will allow them access to the requested issue. Note that even though they are called security levels, it does not mean that there are any forms of hierarchy amongst the set of levels you create.
Perform the following steps to configure an issue security scheme:
- Browse to the Issue Security Schemes page.
- Click on the Security Levels link for the issue security scheme you wish to configure. This will bring up the Edit Issue Security Levels page:
From here, you can create new security levels and assign users to existing security levels.
Since issue security schemes do not define any security levels, the first step to configure your scheme would be to create a set of new security levels:
- Browse to the Edit Issue Security Levels page for the issue security scheme you wish to configure.
- Enter a name and description for the new security level in the Add Security Level section.
- Click on the Add Security Level button.
You can add as many security levels as you like in a scheme. One good practice is to design and name your security levels based on your team or project roles, for example, developers only.
Similar to permission schemes, once you have your security levels in place, you will need to assign users to each of the levels. Users assigned to the security level will have permissions to view issues with the specified security level:
- Browse to the Edit Issue Security Levels page.
- Click on the Add link for the security level you wish to assign users to.
- Select the option you wish to assign to the security level.
- Click on the Add button to assign the users.
While it may be tempting to use the Single User option to add individual users, it is a better practice to use other options such as Project Role and Group as it is more flexible by not tying the permission to individual users and allows you to control permission with options such as group association.
You can set a security level to be the default option for issues if none are selected. This can be a useful feature for projects with a high-security requirement to prevent users (with Set Issue Security permission) from forgetting to assign a security level for their issues:
- Browse to the Edit Issue Security Levels page.
- Click on the Default link for the security level you with to set as default.
Once set as default, the security level will have Default next to its name. Now, when the user creates an issue and does not assign a security level, the default security level will be applied.
Just like permission schemes, the project administrators apply issue security schemes to projects. Applying the issue security scheme is similar to applying the workflow scheme, where there is an intermediate migration step involved. This is to ensure that existing issues with set issue security levels can be successfully migrated over to the new security levels in the scheme:
- Browse to the project administration page you want to apply the workflow scheme to.
- Select the Issue Security option from the left panel.
- Select the Use a different scheme option in the Actions menu.
- Select the permission scheme to use.
- Click on the Next button to move to step 2 of the process.
- Select the new security level to apply to the existing issue that may be affected by this change.
- Click on the Associate button to apply the new issue security scheme.