Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-14424

Separate permissions for issue filtering and project display

XMLWordPrintable

    • 0
    • 11

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Atlassian Update – 26 August 2024

      Hi everyone,
      Thank you for taking the time to share your challenges around project and issue display permissions. After a thorough review by the team, we have decided that we will not be able to implement this suggestion in the next 12-18 months. We will be maintaining this ticket's status as "Gathering Interest" in order to continue learning from all of you about pain points and challenges relating to this suggestion, and will continue to re-visit this ticket in our ongoing product planning.

      We recognise that privilege escalation can be a major challenge in using Jira, which is why we are taking steps to improve the flexibility of our permission scheme at all levels. That journey begins with our Extended Project Admin capabilities, which will be released by the end of this year, and which we hope will be just the first step in making Jira permissions more granular and powerful.

      We understand that this is not the update you may have been hoping for, especially given the longstanding nature of this issue. Please don't hesitate to contact me if you have any questions or feedback.

      Regards,
      Aditi Dalal
      adalal@atlassian.com
      Product Manager, Jira Cloud

      The "Browse projects" permission mixes up two different things: (1) permission to see a project at all, (2) permission to see project issues. These two capabilities should have distinct permissions. The current mixup drastically reduces the usefulness of granting permissions to "Reporter" and "Current assignee". A distinct "View project" permission should be required before any other permission is considered. The current "Browse projects" permission could be renamed to "Browse issues".

      Currently if you grant "Browse project" to "Reporter", ALL users can see ALL projects, even those where they have no role. Of course you can create a permission scheme per project, but that nullifies the whole point of having permission schemes.

      This subject has been extensively discussed previously (JRA-4093, JRA-4935, JRA-8950, JRA-11881, JRA-14307). A fix is identified in JRA-14307. It's great to have a patch, but much better to solve the underlying problem.

      Workaround
      This might help in some cases : https://confluence.atlassian.com/display/JIRA/Current+Reporter+Browse+Project+Permission.

              jthomas@atlassian.com Justin Thomas
              e38f85614ab3 Hakan Soderstrom
              Votes:
              15 Vote for this issue
              Watchers:
              19 Start watching this issue

                Created:
                Updated: