Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Default filters expose all issues - how can I manage the default out of the box filters

eleanor kerman
eleanor kerman
Contributor
June 29, 2021

Default filters expose all issues - how can I manage the default out of the box filters

We have a project - utilizing the cloud abilities, we have 7 different groups connected to the main project.

Each group is not supposed to view the other group's issues.

Permissions are set for each group. this works fine

BUT JIRA CLOUD has default filters the expose everything to everyone 

How can I restrict viewing through these filters. They bypass the permission schemes

 

 

Answer
Watch
Like Be the first to like this
2056 views

3 answers

0 votes
eleanor kerman
eleanor kerman
Contributor
June 29, 2021

Atlassian KNOWS THERE IS A PROBLEM:

"The Browse Project permission may make project details visible to all users in directories and while searching Jira

There’s a known issue when granting a User custom field valueReporterCurrent assignee, or Group custom field value the Browse Project permission. In these cases, a project becomes visible to any logged in user on your Jira site.

The issue is caused by an intentional design in Jira’s backed that couples the Browse Project and View issue permissions. We’re currently working to decouple these permissions."

 

https://support.atlassian.com/jira-cloud-administration/docs/manage-project-permissions/

View More Comments
Jack Brickey
Jack Brickey
Community Champion
June 29, 2021

Thanks for sharing @eleanor kerman

Like
John Funk
John Funk
Community Champion
June 30, 2021

This is not the same as the problem you have posted, unless I am misunderstanding your need.  You want to have multiple users on the same project only see certain issues on that project. This has nothing to do with that, 

Like Jack Brickey likes this
Reply
0 votes
Jack Brickey
Jack Brickey
Community Champion
June 29, 2021

Individuals can only see issues that they have permissions to see. For example if Fred doesn’t have access to project tempo then any default filters that might include issues in that project will not be visible to Fred. However maybe you were seeing something different? If you could give some real examples of where you’re seeing problems I might be able to investigate this a bit further.

View More Comments
eleanor kerman
eleanor kerman
Contributor
June 29, 2021

The permission scheme  

1) in order to allow the users to view the project have the browse project permission,

2) all Boards, Dashboards are managed by filters that restrict displaying, only the correct group can view their issues,

3) there are default filters, supplied by Jira, when you create a new project these filters are not editable, nor can I hide them

4. the default filter displays all issues with no regard to the security level nor the permissions. it is attached herein.

 

 

All issues JQL without save.JPGDefault filters.JPG

Like
eleanor kerman
eleanor kerman
Contributor
June 29, 2021

There is similar issue -  

https://jira.atlassian.com/browse/JRACLOUD-71176

wonder if this has been handled?

Like
eleanor kerman
eleanor kerman
Contributor
June 29, 2021

https://community.atlassian.com/t5/Jira-questions/Edit-Delete-Default-Filters/qaq-p/1302120

 

the above also explains the problem.

Wonder if there is any workaround/solution?

Like
Jack Brickey
Jack Brickey
Community Champion
June 29, 2021

TBH I am not using issue security but am quite surprised to hear that any filter default or otherwise would show issues to a user that stand in conflict with the security scheme.

@John Funk , you use security schemes I think? Are you seeing this behavior? If so this should be a bug that needs reporting.

Like
John Funk
John Funk
Community Champion
June 29, 2021

I can confirm that if you are using issue level security that you cannot see issues in the issues list if you don't not have access to the issue through the security. So it is working as intended. 

Like
Jack Brickey
Jack Brickey
Community Champion
June 29, 2021

Perfect!

Like
Reply
0 votes
John Funk
John Funk
Community Champion
June 29, 2021

Hi Eleanor,

I am not sure what you mean by "default" filters, but you can create and use any filters you would like and only share them with particular groups or project roles. 

Can you provide some more information as to what you are trying to do? Or where you are using the filters

View More Comments
eleanor kerman
eleanor kerman
Contributor
June 29, 2021

Default filters.JPG

 

These are the filters, that come out of the box from JIRA CLOUD, the filter is set by JIRA

I can not override it or save it as the same name Jiraa assigned.

The filter displays all issues belonging to the project.

I have a permission scheme by the filter ignores the scheme.

Like
John Funk
John Funk
Community Champion
June 29, 2021

If all of the issues are on the same project, the only way you will be able to hide some issues from other users on the same project is to use Issue Level Security. You can find more information about how to implement that here:

https://confluence.atlassian.com/adminjiracloud/configuring-issue-level-security-776636711.html

Like
John Funk
John Funk
Community Champion
June 29, 2021

Individual boards may use different filters - and those filters might be shared with different users. But that only applies to whether the users can see the boards or not - not the actual issues. So if they just create their own filter, they could see all of the issues. 

The only around that is to use issue level security. 

Like
eleanor kerman
eleanor kerman
Contributor
June 29, 2021

The issue security scheme exists - and is in use, very good in areas I can access.

I did not find a way to implement the security scheme on the default filters 

still looking

The Dashboards and Other boards do not implement default filters, only filters I created. The default filter is supplied by Atlassian, can not see save, edited, removed....

 

Like
John Funk
John Funk
Community Champion
June 29, 2021

Users should not see issues that they cannot see as a part of the security scheme - including the project level issues.

You can test by having the user run a filter for key = ABC-123

where ABC-123 is the key of an issue they should not see based on the security scheme. If they don't see it in the filter, they should not see it in the list of issues. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.