When configuring security for your JIRA instance, there are two areas to address:

Configuring security within JIRA

JIRA has a flexible security system which allows you to configure who can access JIRA, and what they can do/see within JIRA.

There are five types of security within JIRA:

  1. Global permissions — these apply to JIRA as a whole (e.g. who can log in).
  2. Project permissions — organised into permission schemes, these apply to projects as a whole (e.g. who can see the project's issues ('Browse' permission), create, edit and assign them).
  3. Issue security levels — organised into security schemes, these allow the visibility of individual issues to be adjusted, within the bounds of the project's permissions.
  4. Comment visibility — allows the visibility of individual comments (within an issue) to be restricted.
  5. Work-log visibility — allows the visibility of individual work-log entries (within an issue) to be restricted.

Configuring security in the external environment

If your JIRA instance contains sensitive information, you may want to configure security in the environment in which your JIRA instance is running. Some of the main areas to consider are: