Leveraging Issue Security Schemes in Jira for Enhanced Privacy

Authors: Ray Ochs and Tony Hartsfield , Atlassian Certified Professionals at Valiantys.

In any business, the confidentiality of certain pieces of data (let alone issues within a Jira project) can be paramount, especially when external contractors are involved or when dealing with sensitive internal matters such as HR inquiries.

Atlassian's Jira Software offers a sophisticated feature known as the Issue Security Scheme, which serves as an indispensable tool in managing who can view specific issues within a project. As consultants at Valiantys, we have seen firsthand how effectively implementing an Issue Security Scheme can safeguard sensitive information.

An Issue Security Scheme in Jira allows project administrators to define and apply rules that limit the visibility of certain issues to specific users or groups within a project. This feature is particularly useful in projects that involve external contractors or contain sensitive internal matters that not all team members need access to.

Two common scenarios highlight the need for issue security schemes:

• External Contractors: There may be instances where external contractors working on a project do not need access to certain internal issues. By setting up a security level that excludes these contractors, project administrators can ensure that only the relevant team members can view and interact with sensitive issues.
• Internal Sensitivities: Within an organization, there could be issues related to HR, such as salary adjustments or benefits changes, that should only be visible to specific individuals or teams. Implementing an issue security scheme allows for this level of detailed control, ensuring that only authorized personnel can access sensitive information.

The setup process involves several key steps:

• Identifying Participants: Determine who needs access to the issue and who does not. This step involves defining project roles, such as creating a new role for contractors, which can be managed by the project administrator.
• Permission Scheme: Configure a permission scheme that grants the ability to set issue security levels to a designated role, such as the project administrator.
• Screen Configuration: Ensure that the issue security level field is visible on the relevant Jira screens, allowing those with the necessary permissions to set or change security levels.
• Defining Security Levels: Within the issue security scheme, define various levels of security that specify who can view the issue once the security level is applied. This can include the reporter, project administrators, or any other defined group or role.

To illustrate, let's consider a scenario where a project includes both internal team members and external contractors. By applying an Issue Security Scheme, we can create an issue that is visible only to internal team members, effectively hiding it from external contractors. This is demonstrated through the creation of an issue labeled "No Contractor", which, when applied with the appropriate security level, becomes invisible to the contractor role, ensuring that sensitive information remains confidential.

Click here to watch Hartsfield and Ochs demonstration of how to apply Issue Security Schemes --> https://youtu.be/BHiUhBaFdk8

Implementing Issue Security Schemes in Jira projects offers a robust solution for managing issue visibility and protecting sensitive information. Through careful configuration and understanding of project roles and permissions, teams can effectively control access to project issues, enhancing both security and collaboration.

----