Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Issue Level Security Questions

Vinz
Vinz January 16, 2022

Ok, so I want to dabble into issue level security and I am seemingly hitting a wall.

 

What I want to do: I want to grant a user access to one specific issue within a project.

What's the setup? -> I set up an issue level security scheme in which I decided to add a user custom filed value "shared user" -> I associated the project with the scheme and I added a user to a task in which I set the field "shared user" to that particular external employee.

When the user tries to access the issue, I would expect him to be able to see the project and within the project only the issue he was assigned to as a shared user. However, all the user sees when trying to access our instance of Jira is "your request to access Jira at example.atlassian.net was denied.

Some additional info: The user is in a group "external users" which does not have access rights to jira software. Within the project the group has been given the role of assignee (external).

Any idea what I am missing here?

Answer
Watch
Like Dave Liao likes this
729 views

2 answers

2 votes
Dave Liao
Dave Liao
Community Champion
January 16, 2022

@Vinz - hi Vincent!

That user also needs access to that Jira Cloud instance (whatever URL ending in atlassian.net).

Issue security is just one layer of security we can use to poke holes for access. Users still need product and project access before issue security works its magic.

EDIT: Adjusted my response to be slightly more clear.

View More Comments
Vinz
Vinz January 16, 2022

Thanks for the lightning fast response.

What I am trying to find out is that one of our freelancers doesn't actually have Jira Software access, but somehow can still see his issues because of the issue level security scheme. As far as my research goes, that shouldn't be possible obviously, because he doesn't have access to Jira.

Is there any scenario you can think of where that works just in conjunction with issue level security?

Something else I noticed is: When I "log in as user" and the user does not have jira software access. I can still see the projects. I then only see the issues assigned through the issue level security.

However, when I don't use the log in as feature but actually log in properly with the users username and password, I see the projects the user has access to, plus all the other issues in those projects. Also, in this case I have to grant access to the Jira software in order for the user to see anything.

This is highly odd, or am I missing something here?

 

Like
Dave Liao
Dave Liao
Community Champion
January 17, 2022

@Vinz - can you view the issue in an incognito window? Maybe there's anonymous access permitted for that Jira Cloud instance?

Or perhaps that freelancer has a second user account that they're using to see the issue?

Like
Reply
0 votes
Pramodh M
Pramodh M
Community Champion
January 16, 2022

Hi @Vinz 

Welcome to the Community!!

One thing is that if you want the user to see the issue, he should be granted Jira Software access. 

Please use roles instead of any other options at the Security level

Please use the reference below to setup Issue Security level

https://support.atlassian.com/jira-cloud-administration/docs/configure-issue-security-schemes

Thanks,
Pramodh

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.