I have a suggestion about the Test Management JIRA plug-in:

Fine-grained risk security based on the JIRA user group

Some projects in EPAM JIRA where exposed to external users. There is a demand to restrict access to JIRA risks based on jira-user-groups.

3 cases were identified:
1) Access is granted to everyone
2) Access is granted to everyone except epam-external-users
3) Access is granted just for epam-teamleaders

This feature has to be accessible right from the risk creation window by EPAM staff.

The rough idea on look-n-feel could be found at http://s4.postimg.org/a6nhqac1l/user_group_selector.png

15 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Oleksiy FedorchenkoOleksiy Fedorchenko shared this idea  ·   ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Laszlo KosaAdminLaszlo Kosa (Business Analyst, EPAM) commented  · 

        While the access restrictions is indeed important for the Test plug-in, we have a separate board xpmcrisk.uservoice.com related to the Risk plug-in.
        I think this idea is more belonging there.

      • MikhailMikhail commented  · 

        Additional points have to be considered:

        1. In case of PO on a customer side, he wants to be able to change priorities in a backlog. For such case is required epam-developer permissions at least. So customer automatically will get an opportunity to see internal risks.
        2. Need to check whether the internal risks, where specified component, will not appear in corresponding backlog or at least they have to be invisible for a customer.

        I propose to use Client role for the customer, where can be combined all necessary permissions for a customer (e.g. they can be specified by request) with keeping invisibility of internal risks.

        I'm ready to help in checking this use cases.

      Feedback and Knowledge Base