How to limit user to only browse issues assigned to or reported by them
This article only applies to Atlassian's server products. Learn more about the differences between cloud and server.
This KB article is designed to address the use case where users are able to browse all issues in the project and not only the ones they are assigned to or reported by them. This is fixed by Configuring issue-level security, which is described in further detail in that link.
By following the proposed solution, the below will be implemented:
- If user Mary is assigned to an Issue, she'll be able to see it because she'll be the 'Current Assignee'.
- If user Mary belongs to a group inside the 'Project Roles (Developers)' then she will also be able to see it.
- If she is not in either of them, she will not see the issue.
On JIRA Core Server, our How to customise JIRA Core so reporters only see issues they reported documentation can also be followed to achieve this goal, however it requires a customisation as detailed in the article.
The following example is to restrict issue view to Assignee but it can be used for Reporter as well. Additionally it details how to create a generic scheme with that restriction that may be applied to several projects.
- As per Configuring issue-level security, follow "Creating an issue security scheme" and name it "Assignee and Developers Security Scheme".
- As per "Adding a security level to an issue security scheme":
- Create a Security level named: 'Assignee and Developers'.
- Add 'Current Assignee' to that Security Level (you may add Reporter as well).
- Add 'Project Role (Developers)'.
- Set it to 'Default'.
Continue by "Assigning an issue security scheme to a project" (your projects).
The 'Project Role (Developers)' was used to make it generic. The 'Roles' will help you use the same Generic Security and Permissions schemes on multiple projects. You can define different groups into Roles for different projects and still use the same Scheme we just created. (see Managing project roles for more information).
A Security Level was assigned to the project to restrict access only to Assignees and Developers to the issues on that project. Watchers must be in the Developers group to have access. If you have a Watchers Group or Role, also add it to the Security Level. Remember that by using Roles you can use the same Security Scheme for other projects too.
It is possible to set the Browse Project permission to be to Assignee or Reporter, however due to the below bugs this will make the project visible to all users.