-
Suggestion
-
Resolution: Unresolved
-
None
-
28
-
22
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Hi everyone,
Thanks for voting and commenting on this issue. Your feedback is key to helping us understand how you use JIRA so we can continue improving your experience. We have reviewed this issue over the last few days; unfortunately we don't have any plans to support this in JIRA for the foreseeable future.
There is add-on for JIRA Server available on the Atlassian Marketplace that may help resolve this request. However, for fine-grained security for files, we recommend keeping attachments in a dedicated document or file management application.
Please remember that jira.atlassian.com is one of many inputs for the JIRA roadmap. You can learn more about our process here.
I understand that our decision may be disappointing. Please don't hesitate to contact me if you have any questions.
Regards,
Dave Meyer
dmeyer@atlassian.com
Product Manager, JIRA Platform
Would like to be able to limit access to attachments to a certain group β similarly to limited access for a particular comment added.
Before this is implemented, I'd suggest an expicit warning on AttachFile page saying CommentViewableBy does not affect visibility of the attachment created with that comment.
- is duplicated by
-
JRASERVER-10998 Make attachments conditionally visible withing issues
-
- Closed
-
-
-
- Closed
-
-
- Closed
-
- Closed
- is related to
-
-
- Needs Triage
-
-
-
- Needs Triage
-
- relates to
-
- Closed
-
- Gathering Interest
-
- Gathering Interest
- mentioned in
-
Page Loading...
-
-
-
-
-
[JRASERVER-3893] attachments with access limited to a group
@Michal Bocek: I'm going to throw Atlassian a bone here and suggest you have a very unusual use-case, that may have a better solution than the one asked for: I would expect to have a shadow, internal ticket for the externally visible one, with the same security applied to that internal ticket and the attachments. Likely even in a completely separate project so that Issue Level Security would not even come into the picture. The link could be established by manual process or script.
PS! This is the same suggestion as https://jira.atlassian.com/browse/JRASERVER-3893?focusedCommentId=905014&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-905014
Oskar Austegard, we need to have a way to set a different Security Level for an attachment than the Issue has. Red Hat is going to use Jira as the main public-facing Red Hat Enterprise Linux bug tracker. And with Jira Issues being public we need to have a way to change the Security Level for certain attachments, for instance for log files containing internal URLs and credentials.
The "funny" thing is, that JSM has this function...and JSM is JIRA based.
So I recon this is just another thing to sell Plugins to get Atlassian more money. Maybe they'd raise the license costs? :/
It would appear that in Jira DataCenter v9.0 setting Issue Level security also applies the issue's security setting to any attachment attached to that issue. As such this looks like a solved issue? Assuming you are ok with the ticket and attachments having the same security, you could then assign access for the group in question to the ticket (and thus the attachment). Not sure why Atlassian doesn't recognize this as such.
Hi Michael ,
If it is of interest we have a paid for app called Document Vault. It has the following features
- Being able to restrict access to all Jira attachments in a project(s). This can be applied to all existing Jira attachments but is either all or nothing.
- The app provides a separate restricted area (based on user groups, roles...) that new attachments can be added to. Restrictions apply to all non Jira attachments in this area, not singularly.
If this is of interest to you then you can find Document Vault here and if you have any questions you can reach us at: support@redmoonsoftware.com
Regards
Paul
I actually wonder why RedHat would be considering such a migration at all, all things considered.
According to the number of Suggestions pending in state "Gathering Interest" since years/decade(s) here, I really wonder if a "for RedHat" comment may accelerate integration in Atlassian products...
Being able to set what group (Security Level) can see specific Jira Issue attachments is an important feature for Red Hat when moving from Bugzilla to Jira!
I experienced the opposite behavior as 823134ca6b95 describes in comment 21/Feb/2022 4:07 PM β I added an attachment in an internal note, later on, wanted to make this attachment available for the customer and copied the reference into the "reply to customer" but even after saving, the red padlock icon persisted
dmeyer If Jira is not smart enough to automatically adjust attachment visibility according to visibility of notes referencing the attachment, please provide us a toggle to manually switch at least between "internal" and "customer visible" β it's ridiculous and cumbersome I need to download the files to local disk and upload them again within the "reply to customer" and thus duplicate all files π π