Fine-grained risk security based on the JIRA user group
Some projects in EPAM JIRA where exposed to external users. There is a demand to restrict access to JIRA risks based on jira-user-groups.
3 cases were identified:
1) Access is granted to everyone
2) Access is granted to everyone except epam-external-users
3) Access is granted just for epam-teamleaders
This feature has to be accessible right from the risk creation window by EPAM staff.
The rough idea on look-n-feel could be found at http://s4.postimg.org/a6nhqac1l/user_group_selector.png
Moved the thread to xpmcrisk.epam.com
Closing this issue as it is replicated in the correct forum:
While the access restrictions is indeed important for the Test plug-in, we have a separate board xpmcrisk.uservoice.com related to the Risk plug-in.
I think this idea is more belonging there.
Additional points have to be considered:
1. In case of PO on a customer side, he wants to be able to change priorities in a backlog. For such case is required epam-developer permissions at least. So customer automatically will get an opportunity to see internal risks.
2. Need to check whether the internal risks, where specified component, will not appear in corresponding backlog or at least they have to be invisible for a customer.
I propose to use Client role for the customer, where can be combined all necessary permissions for a customer (e.g. they can be specified by request) with keeping invisibility of internal risks.
I'm ready to help in checking this use cases.