Restrict Jira Service Management Agent access based on work type
Platform Notice: Cloud Only - This article only applies to Atlassian apps on the cloud platform.
Summary
Since JSM doesn't have the feature to set work item security directly to an Work Type, this article aims to show how to get around this limitation using Request Type Forms / Automation for Jira.
Solution
1. Create groups for each work item type
First, you need to create groups for each work type you want to restrict. This will ease how you manage agents when allowing/disallowing access to tickets.
Follow the instructions in Create groups to Create a group and Edit a group to Add members.
2. Create a new work item security scheme & security levels
Second, you need to create a new Work item Security Scheme and Security Levels and assign the groups to it.
Follow the instructions in Configure work item security schemes to Create an Work Item Security Scheme, Add a level security level, and Add members.
It's recommended to add the following groups/roles to your security level.
User / Groups / Project Roles | Reason |
|---|---|
Group (<Group's name>) | This is the group of agents that will be able to see the tickets; you can add more than one if needed. |
Service Project Customer - Portal Access | This allows customers and request participants to be able to access the tickets. |
Project Role (atlassian-addons-project-access) | This allows Automation for Jira to be able to access the tickets |
3. Associate the work item security scheme with your project
Third, you need to associate this new work item security scheme with your project.
Follow the instructions in Configure work item security schemes to Assign an work item security scheme to a project.
4. Setting the Security Level when an work item is created
Next, you can set the security level at ticket creation using Request Form or Automation for Jira.
Choose from the below options based on your requirements.
Request Type Forms
You can add the security level field to the request form and define a default value for tickets raised through the Portal. The agents can also change the field internally; follow the instructions below to customize the fields of your request form:
Go to your Project Settings.
Select Request Types.
Choose the request type name that matches the work type you're restricting to edit it.
Ensure you're in the Request Form tab and add the Security Level field to the screen.
Set the Default security level to your request type.
Save the changes.
Reminder
In case you have more than one request type associated with an work type, you'll need to repeat this process for each of them.
Automation for Jira
Follow the instructions below to create a new Automation Rule to set the Security Level when a ticket is created:
Go to Project Settings.
Select Automation.
Select Create rule.
In the Trigger, select work item created and Save.
Add a New condition, and select the If/else block.
Add a new condition and select work item fields condition, select the field: work type, condition: equals, and for value: select the work type you want to configure the restriction, then Save.
Add a new component, select Edit work item, on the "Choose fields to set..." select Security Level, and to the following field, select the Security Level you created.
If you have more than one work type to restrict, on the left sidebar, find the add else-if and click on it, then repeat steps 5a & 5b for each one of them.
In case your Security Level is not showing on the field, please review:
if the Project Role (atlassian-addons-project-access) is added to the security level
if a group you belong to is added to the security level
Was this helpful?