Configuring issue-level security

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Issue security levels are created within issue security schemes and let you control which user or group of users can view an issue. When an issue security scheme is associated with a project, its security levels can be applied to issues in that project. Sub-tasks will also inherit the security level of their parent issue.

Note, if issue security levels are available but aren't set, the project permissions will then be applied.


On this page:

Before you begin

Creating an issue security scheme

  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page.
  3. Click Add Issue Security Scheme.
  4. Fill in the requested details and click Add.

Adding a security level to an issue security scheme

  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page. 
  3. Click the scheme name, or the Security Levels link in the Actions column, to open the Edit Issue Security Levels page.
  4. Fill in the requested details and then click Add Security Level.

Setting the default security level for an issue security scheme

You now have the power to select the default security level that will be applied to issues assigned to each security scheme. Some things to keep in mind when setting a default security level: 

  • If the reporter of an issue does not have the 'Set Issue Security' permission, the issue will be set to the default security level. 
  • If an issue security scheme doesn't have a default security level, issue security levels will be set to 'None' (anyone can see the issues).
  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page.
  3. Click the scheme name, or the Security Levels link in the Actions column, to open the Edit Issue Security Levels page.
    1. To set the default security level, locate the appropriate Security Level and click Default in the Actions column.
    2. To remove the default security level, click Change default security level to "None" link (near the top of the page).

Adding members to a security level

  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page.
  3. Click the name of any scheme or the link Security Levels to open the Edit Issue Security Levels page.
  4. Locate the appropriate security level and click its Add link (in the Actions column), which opens the Add User/Group/Project Role to Issue Security Level page.
  5. Select the appropriate user, group or project role, then click the Add button.

    A security level's members may consist of:

    • Individual users
    • Groups
    • Project roles
    • Issue roles such as 'Reporter', 'Project Lead', and 'Current Assignee'
    • 'Anyone' (eg. to allow anonymous access)
    • A (multi-)user or (multi-)group picker custom field.
  6. Repeat steps 4 and 5 until all appropriate users, groups, or project roles have been added to the security level.

Assigning an issue security scheme to a project

  1. Choose > Projects, and select the relevant project.
  2. Select the name of the project of interest. The Project Summary page is displayed.
  3. In the Permissions section of the Project Summary page, click the link corresponding to the Issues label to open the Associate Issue Security Scheme to Project page. This will either be the name of the project's current issue security scheme, or the word None.
  4. Select the issue security scheme that you want to associate with this project.
  5. If there are no previously secured issues (or if the project did not previously have an issue security scheme), skip the next step.
  6. If there are any previously secured issues, select a new security level to replace each old level. All issues with the security level from the old scheme will now have the security level from the new scheme. You can choose 'None' if you want the security to be removed from all previously secured issues.
  7. Click the 'Associate' button to associate the project with the issue security scheme.

    If the Security Level field is not displayed on the issue's screen after configuring the Issue-Level Security, use the Where is My Field? tool to see why it is not being displayed.

    If the Security Level field has been hidden on purpose, please see the limitations of doing so in Hiding or showing a field.

Deleting an issue security scheme

It's important to understand that you can't delete a issue security scheme if it is associated with a project. You must first remove any associations between the issue security scheme and projects in your JIRA installation — please refer to Assigning an Issue Security Scheme.

  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page, which lists all the issue security schemes currently available in your JIRA installation.
  3. Click the Delete link (in the Actions column) for the scheme that you want to delete.
  4. On the confirmation page, click Delete to confirm the deletion. Otherwise, click Cancel.

Editing an issue security scheme

You can edit the name and description of an issue security scheme. You can also edit the Default Security Level when editing an issue, and the security level will be applied in the same manner as described in Setting the default security level for an issue security scheme.

  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page, which lists all the issue security schemes currently available in your JIRA installation.
  3. Click the Edit link (in the Actions column) for the scheme that you want to edit.
  4. Make your edits, and then click Update to confirm the edits. Otherwise, click Cancel.

Copying an issue security scheme

  1. Choose > Issues
  2. Select Issue Security Schemes to open the Issue Security Schemes page, which lists all the issue security schemes currently available in your JIRA installation.
  3. Click the Copy link (in the Actions column) for the scheme that you want to copy. A new scheme will be created with the same security levels and the same users/groups/project roles assigned to them. Your new scheme will be called 'Copy of ...'. You can edit your new scheme to give it a different name if you wish.
Last modified on Apr 28, 2017

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.