In the first part of this tutorial we learnt the importance of JIRA schemes and how to configure some of them:
- Issue type scheme.
- Issue type screen scheme.
- Field configuration scheme.
- Screen scheme.
In the second part of this tutorial we'll discover other types of schemes that JIRA provides to fine tune our projects:
- Permission scheme.
- Issue security scheme.
These schemes are used to tune the security policies you may want to establish over your JIRA instance, your projects and the issues they manage.
Before You Start
If you haven't done it yet, please read: Atlassian JIRA Configuration Tutorial: Overview of JIRA Security.
An introductory discussion about JIRA security and JIRA permissions is the subject of another blog post.
A permission scheme defines a the set of permissions to apply to a project.
A Use CaseThe default JIRA permission scheme distinguishes between the following project roles:
Users are granted the right of submitting issues into project (Create issues, Create comments, etc.) while developers are granted the right of working on issues and take them into completion (Edit issues, Close issues, etc.).
This is a starting point for refining your security policies adding actors (a project role) in your process and assigning them permissions. A first refinement might be requiring a project manager to check the developers' work on an issue before transitioning into the Closed state and letting developers transition an issue only up to the Resolved state.
How To Setup a Permission Scheme for Your Project
To setup a permission scheme for your project:
- Define the project roles your project needs: this is an optional step, since you can assign permissions to users and groups, but it's desirable to clearly organize JIRA users in sets (project roles) according to their status in each project.
- Assign users and groups to your project roles.
- Create a permission scheme for your project (possibly copying an existing permission scheme).
- Assign permissions to users, groups and project roles in the permission scheme.
- Assign the permission scheme to your project.
Issue Security SchemeAs we've seen in another post of this series, issue security scheme let administrators establish security policies to protect issues in a project. An issue security scheme defines a set of security levels and grants permissions to a set of identities to access issues in a given security level.
A Use Case
Issues in your projects could be organized in security level so that the visibility of certain issues is reduced to a subset of the users that can access a project.
In another scenario you could be sharing a project with some of your clients and would not like a client of yours having visibility of all of the issues managed in that project for confidentiality reasons.
An issue may be changing security level according to the workflow transitions it performed: just after creation, an issue could be transitioned to another security level so that a subset of users (such as a group of developers) might asses the issue and decide what to do with it. In a later time, the issue can be transitioned to another security level to be available to a wider audience.
How to Setup an Issue Security Level for Your Project
To setup an issue security scheme for a project of yours you have to:
- Create a new issue security scheme.
- Define the number of security level your project needs and create them in the issue security scheme.
- Grant permissions to a set of users for every security level in your scheme
- Assign the issue security scheme to your project.
In the following part of this series we'll explore the last two kinds of schemes that JIRA provides: the workflow scheme and the notification scheme.