Restrict access to issues based on a custom field value using Automation
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Summary
This knowledge-base article provides steps on how to restrict user access to tickets based on custom field values in the Jira Service Management (JSM) cloud.
Use Case
Limit access to issues for a set of users based on a custom field's value in Jira Service Management. For example, there is a custom field titled "Application" with values "Alpha" and "Beta", you can set it so that only Alpha users can view tickets related to the "Alpha" application and similarly, only Beta users can view tickets related to the "Beta" application.
NOTE: We can set issue-security directly using User Picket or Group Picker. For all other custom field types, please use this automation.
Solution
This can be achieved by using issue security levels and automation rules in JSM.
Below are the steps to do so:
Create a Security Level:
- Navigate to 'Project settings'.
- Choose 'Issue security schemes'.
- Add a new security level. Name it as per your preference, for example, 'Restricted Access - Alpha App Users & Beta App Users'. Assign this security level to the selected group of users who need access to the "Alpha App" application tickets.
For detailed information please refer to Configure issue security schemes.
Example of Issue Security:
Set up Automation:
- Navigate to Project Settings > Automation > Add a new rule.
- The automation rule can be created as follows:
- When: Issue Created
- IF Condition: Issue Field Value - Application custom field equals 'Alpha App'
- Action: Edit Issue - Security Level to 'Restricted Access - Alpha App Users'
- ELSE IF Condition: Issue Field Value - Application custom field equals 'Beta App'
- Action: Edit Issue - Security Level to 'Restricted Access - Beta App Users'
- IF Condition: Issue Field Value - Application custom field equals 'Alpha App'
- When: Issue Created
Example of automation rule:
By setting up this automation rule, issue security level is set based on the value in Application custom field and either the users in 'Alpha Users' or 'Beta Users' group can view or edit the issue.
Result: