Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-1330

Provide field-level security permissions

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Status

      To all JIRA users who have been watching this issue:
      We have looked at this issue from every possible angle, banging our heads together, internally feuding and exploring various resourcing options.
      We have discussed it with customers at user conferences, in email, and during meetings at their offices.

      Ultimately, however, we have decided that we will not be implementing Field Level Security in JIRA.

      We have not made this call lightly, in fact, far from it. We have always maintained an earnest desire to deliver the goods and fix the problem properly. At the same time, if we had completed the request, we saw inherent issues would arise that would burden our developers, our customers, and the product.

      The main reasons are as follows:

      • JRA-1330 requires a significant rewrite of most major components and is akin to rebuilding JIRA from scratch.
      • The development time and effort required to achieve it would be massive (12/18 months +)
      • It would totally monopolise the engineering team and NO other features or reworks would be delivered during that period
      • The implementation would add considerable "bloat" to JIRA
      • JIRA admin would become far more complex
      • It may well add major performance overhead to the product

      We've also made a number of attempts to break the feature into smaller useful chunks but these always seem extremely complex for little or no real value delivered. Whichever way we look at it we can't justify bringing all other development on JIRA to a halt for so long to provide this one feature.

      In retrospect, we missed the opportunity to address this request and your comments properly earlier, and this response comes later than it should. For that, we sincerely apologise. We remain committed to being an open company, whether it's with regards to feature requests, pricing, or bugs in our software. We will strive to answer product management questions and feature requests sooner, frequently, publicly, and more decisively.

      Workarounds
      Higher in the thread Erik S makes a comment about a workaround that may be useful for some users:
      http://jira.atlassian.com/browse/JRA-1330?focusedCommentId=55032#action_55032
      it is documented further here:
      http://confluence.atlassian.com/pages/viewpage.action?pageId=149834
      Third party commercial plugin:
      https://plugins.atlassian.com/plugin/details/23216

      We are going to close this issue, mark it as "Won't Fix". Any further options that we uncover will be noted on this issue.

      Regards
      Brett Jackson
      Atlassian Product Management

      For Cloud Users:

      Third-party commercial plugin:

      https://marketplace.atlassian.com/apps/1226365/secure-custom-fields-for-jira-field-permission-security?hosting=cloud&tab=overview 

      Related Issue: 

      https://jira.atlassian.com/browse/JRACLOUD-69298 

       

      UPDATE: We have reviewed this request again within the team and have had long conversations with our JIRA architect. This has lead to the conclusion that the original reasons for not implementing this feature still apply. We understand that this will disappoint a lot of users watching this JIRA issue, but as we are an open company we would rather be honest with you guys and let you all know now that we will not be implementing field level security. I understand many customers will want to discuss this further and they can do so by emailing me directly.

      Cheers,
      Roy Krishna
      JIRA Product Management
      roy at atlassian dot com

        1. FieldPermissionContext.java
          1 kB
        2. FieldPermissionHelper.java
          6 kB
        3. Query on highest votes with this ticket being number 8.jpg
          Query on highest votes with this ticket being number 8.jpg
          208 kB
        4. screenshot-1.png
          screenshot-1.png
          5 kB

            [JRASERVER-1330] Provide field-level security permissions

            tjwood added a comment -

            Need this too. I have to hand-type a Confluence page list of every one of our Jira Issues (just the names of the issues, nothing else) for our internal customers to see because they're not allowed to see anything else and there's no way for me to set a view that only allows people outside our team to see just the issue names.
             

            tjwood added a comment - Need this too. I have to hand-type a Confluence page list of every one of our Jira Issues (just the names of the issues, nothing else) for our internal customers to see because they're not allowed to see anything else and there's no way for me to set a view that only allows people outside our team to see just the issue names.  

            Yasin Kaan Yılmaz added a comment -

            @Jira, if you had done this, you would have gained lots of recruitment tool seekers as customers... 

            Yasin Kaan Yılmaz added a comment - @Jira, if you had done this, you would have gained lots of recruitment tool seekers as customers... 

            Nick Perkins added a comment -

            So @takeafumi your claim above about making an app to solve this problem isn't really that accurate.  Sadly Jira is NEVER doing this. Hopefully one day someone does, but I'm confident that plugin will be insanely expensive.

            Nick Perkins added a comment - So @takeafumi your claim above about making an app to solve this problem isn't really that accurate.  Sadly Jira is NEVER doing this. Hopefully one day someone does, but I'm confident that plugin will be insanely expensive.

            Lillian Shibata-Salley added a comment -

            Ok thank you

            Lillian Shibata-Salley added a comment - Ok thank you

            Takafumi Ohtake -Ricksoft- added a comment -

            Thank you for asking.

            Hello Nick,
            The app supports only custom fields. You have to create new custom fields from a custom field type the app provides to enable field-level permission.
            So, unfortunately, you can’t hide system fields and Jira standard custom fields.

            Hello, Lillian,
            It's for free now. However, it will be paid app after the beta period. We haven't determined when it will be and how much it will be.
            P.S. I think I replied to your support ticket on Oct. 4. I'm sorry if you didn't get the reply.

            Takafumi Ohtake -Ricksoft- added a comment - Thank you for asking. Hello Nick, The app supports only custom fields. You have to create new custom fields from a custom field type the app provides to enable field-level permission. So, unfortunately, you can’t hide system fields and Jira standard custom fields. Hello, Lillian, It's for free now. However, it will be paid app after the beta period. We haven't determined when it will be and how much it will be. P.S. I think I replied to your support ticket on Oct. 4. I'm sorry if you didn't get the reply.

            Lillian Shibata-Salley added a comment -

            @takeafumi - I created a ticket asking if we try it remains free or you start charging after a period of time? I didn't hear back. Don't want to start using then get charged alter - I need approval prior to any new purchases.

            Lillian Shibata-Salley added a comment - @takeafumi - I created a ticket asking if we try it remains free or you start charging after a period of time? I didn't hear back. Don't want to start using then get charged alter - I need approval prior to any new purchases.

            Nick Perkins added a comment - - edited

            Takafumi does this actually work for hiding Jira fields or just custom ones?  It does not mention time tracking or any other Jira fields in the listing.

            Nick Perkins added a comment - - edited Takafumi does this actually work for hiding Jira fields or just custom ones?  It does not mention time tracking or any other Jira fields in the listing.

            Takafumi Ohtake -Ricksoft- added a comment -

            Disclaimer: I’m a developer of the app.

            I developed an app Secure Custom Fields for Jira to resolve this problem for Jira Cloud.

            Link: https://marketplace.atlassian.com/apps/1226365/secure-custom-fields-for-jira?hosting=cloud&tab=overview

            It's a free app now.
            Please try it if you don't mind.

            Takafumi Ohtake -Ricksoft- added a comment - Disclaimer: I’m a developer of the app. I developed an app  Secure Custom Fields for Jira to resolve this problem for Jira Cloud . Link: https://marketplace.atlassian.com/apps/1226365/secure-custom-fields-for-jira?hosting=cloud&tab=overview It's a free app now. Please try it if you don't mind.

            robert.nadon added a comment -

            @Roy  a solution that would work for this would be to put security into the tab view and then special tabs could be created and fields placed into those for "hiding" certain fields from view.  

            robert.nadon added a comment - @Roy  a solution that would work for this would be to put security into the tab view and then special tabs could be created and fields placed into those for "hiding" certain fields from view.  

            Chris Fortmueller added a comment -

            @Scott McKibbin. If this is for editing fields, an automation may work.

            Chris Fortmueller added a comment - @Scott McKibbin. If this is for editing fields, an automation may work.

              Unassigned Unassigned
              534b8469bc33 Mike Aizatsky
              Votes:
              440 Vote for this issue
              Watchers:
              666 Start watching this issue

                Created:
                Updated:
                Resolved: