Keychain custom fields can technically be used in Issue Security Schemes but they will not operate with 100% accuracy, due to the way Issue Security Schemes are designed in Jira.


You can define Security Levels in your Issue Security Schemes that are bound to Keychain custom fields. Jira will allow that.

When such a configuration is made, Keychain custom fields will successfully control issue access and determine who can open an individual issue's view screen.

For example if you ...

  • Create a Keychain custom field named "Delegate of Assignee"
  • Configure it to display the delegate of issue's assignee
  • Bind the Issue Security Level to this field

... then delegates of each issue's assignee will be displayed in "Delegate of Assignee" field and they will be able to open the view page of that issue. When the delegation is deactivated or has expired, that ex-delegate users will not be able to open the view page of that issue. So far it's all good.

On the other hand, Jira's Issue Security Schemes operate partly based on indexed field values. Jira searches are performed on indexed values and searches might return inaccurate results if security levels are bound to Keychain fields.

Based on the same example above; if the issue was last updated (or indexed) before there was a valid delegation defined for the assignee, a search performed by a now-valid delegate might not return the issue since "Delegate of Assignee" field was empty when the issue was indexed. Similarly, if the issue was last updated when there was a valid delegation, any search performed by an ex-delegate after the delegation has expired will still return the issue until that issue is updated (or at least indexed) again.

As summarized in this example, issue view page access will work correctly. Valid delegates will be able to open issue view pages and non-delegates or ex-delegates will not be able to. But issue searches might return inaccurate results depending on when the issue was last updated (indexed).

In such cases, since Issue Navigator screen shows field values as columns, unauthorized users might be able to view values of some fields through Issue Navigator page.

  • No labels