How to restrict search filtering on secured custom field?

Posted: Thu, 01/26/2017 - 17:44

I have a custom field based on the label field type. We have used the Field Security Plugin to secure the field from certain users, which works great. However, if the user can guess the custom field name and can guess possible values, then the user can find out which issues have that value. For example:

My field is called "Customer" and has values "A", "B", and "C". We haven't told certain users (who are external third-party partners) what the values are, but they can be guessed based on public information.

If the restricted user enters a query like "Customer = A" then JIRA returns the issues that match that query, even though the customer cannot see the customer value once the issue is displayed. But the very fact JIRA returns the issues that match the query and not the issues that don't match means the user can figure out what the values are.

Is there a way to restrict the user from searching on that custom field entirely, or for the search to not respect that part of the query?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hi there, This is a known

  • admin
  • 02/16/10
  • Mon, 01/30/2017 - 13:53

Hi there,

This is a known issue with JFS since the very beginning of the project. Unfortunately, there's no solution to this exists to date.

This may be addressed in JFS 2.0, but no ETA could be provided for this version.