Type: Suggestion
Resolution: Unresolved
Component/s: Work Item - Attachments
Summary
Currently, Jira Cloud does not provide a built-in feature to restrict access to attachments based on individual users/groups. Project permissions and security levels can limit issue visibility, but these don't extend to fine-grained control over attachments themselves. This limitation poses challenges for projects handling sensitive information, such as PHI (Protected Health Information), where attachments need to be restricted to authorized individuals only.
Proposed Solution
Implement a feature in Jira Cloud that allows administrators to set user/group-specific permissions for attachments. This feature should include:
- User/group-based permissions: Enable the ability to specify which users/groups can view, add, or delete attachments on an issue-by-issue basis.
- Granular control: Allow administrators to define visibility settings for attachments, similar to issue security levels, but specifically for attachments.
Benefits
- Enhanced data security and privacy controls
- Compliance with legal and regulatory requirements for sensitive information
- Increased confidence for organizations handling sensitive data within Jira Cloud
Potential workarounds
Project permissions
Adjust project permissions to control who can access the project and create and delete attachments. This method limits attachment interaction but doesn't control viewing permissions for users already part of the project.
Security levels
Use issue security levels to restrict overall issue visibility. When an issue is not visible, attachments will be hidden, but this affects the entire issue, not just attachments.
Third-party apps
Consider using third-party apps from the Atlassian Marketplace, such as Document Vault - Secure attachments in Jira, which provide additional control over attachments and can restrict access to specific user groups.
Please note that while Atlassian offers support for certain apps (listed here), we don't provide support for third-party apps. Issues should be raised with the app vendor as stated in our Atlassian Marketplace Terms of Use - Support and Maintenance. They will be most familiar with the source and functionality of their app and be in the best position to assist.
Separate storage
Store sensitive attachments outside of Jira Cloud in a secure document management system that allows precise access control, and link to them from within Jira.
Optionally, attachments can be stored in separate work items (issues) in separate projects with different access permissions.