JIRA does not natively support the idea of field level security (
JRA-1330), the most popular of which is the ability to the hide Time Tracking fields from customers ( JRA-2364). We know that a lot of customers really want a way for JIRA to solve this kind of problem.
Internally at Atlassian we have been throwing around the idea of what we call "View Ports". The idea behind this is that admins can configure an alternative view of the JIRA View Issue screen for different groups. One of the items that can be configured is the ability to choose what fields are shown in the View Port.
You have a company that specialises in custom development solutions and have 10 internal staff members with 200 external customers. You want to manage all your issues in one JIRA project but you do not want to expose the time tracking fields to your customers.
View Port Solution
1. Admin creates a JIRA group for all the 'external customers'.
2. Admin then creates a View Port for this group only.
3. Admin configures the View Port to show all fields except time tracking.
When anyone in the 'external customers' group logs into a specific url, they are taken to this View Port. They will not be able to login into the normal JIRA system.
We'd love to get your feedback in this solution and if it would work for your company.