When configuring security for your JIRA instance, there are two areas to address:
- permissions within JIRA itself
- security in the external environment
permissions within JIRA
JIRA has a flexible security system which allows you to configure who can access JIRA, and what they can do/see within JIRA.
There are five types of security within JIRA:
- Global permissions — these apply to JIRA as a whole (e.g. who can log in).
- Project permissions — organised into permission schemes, these apply to projects as a whole (e.g. who can see the project's issues ('Browse' permission), create, edit and assign them).
- Issue security levels — organised into security schemes, these allow the visibility of individual issues to be adjusted, within the bounds of the project's permissions.
- Comment visibility — allows the visibility of individual comments (within an issue) to be restricted.
- Work-log visibility — allows the visibility of individual work-log entries (within an issue) to be restricted. Does not restrict visibility of progress bar on issue time tracking.