Example Configuration - Use Case Customers
Table of contents
Consider the following scenario
- You have one JIRA Project
- You use it as a support project
- You have internal users (for simplicity we assume that they are all project administrators, ie in the Project role "Administrators")
- You have different customers
- Each customer has different users
- These users have different roles
- There is a "Manager"
- There is a "User"
- A user of a specific customer should ONLY SEE the issues of this customer
- Internal users should see ALL issues regardless of the assigned customer
Â
Prerequisites
- Login as a user with JIRA-Administrator rights.
- Click on "Administration" in the top right corner to browse the "Administration home page".
- Create Testusers (if needed)
- On the users view (click "Users" on the Administration home page) create
- "Customer A User 1" to "Customer A User 5"
- "Customer B User 1" to "Customer B User 5"
- "Customer C User 1" to "Customer C User 5"
- On the users view (click "Users" on the Administration home page) create
Â
Creating a JIRA Project
First create a project "SUPPORT". This is a project where different customers will be handled.
Creating Custom Fields
On the administration home page click "Custom Fields".
Then click "Add Custom Field".
After selecting "Zones Picker" proceed by clicking "next" in order to create a new Custom Field with the type "Zones Picker". Name it "Customer" in the Field Name box.
Associate the new field to screens and click "Update".
Add another Custom Field by repeating the process described before (click "Add Custom Field" etc.).
Choose "Zones User Picker" as field type for this new Custom Field and name it "Responsible User".
Click "Finish", associate the field to screens and click "Add Custom Field" again.
Create a new Custom Field with the type "Zones Multi User Picker" and name it "Users to inform".
After this associating procedure you have successfully created 3 new Custom Fields.
Configuring the ZoneField
Now configure the ZoneField "Customer". In the "Plugin" menu choose the option "Zones configuration" within the category "Zones Plugin".
First edit Role Mapping and Permissions by clicking the "Edit Zone Roles and Permissions" option for our previously created ZoneField.
As you can see, each ZoneField contains different ZoneRoles:
- Administrator and user are created by default
- The ZoneRoles can be configured individually
Now you configure the following mapping for this example:
- Add all users from ZoneRole "Administrators" to the Jira ProjectRole "Developers" and to the Jira ProjectRole "Users"
- Add all users from ZoneRole "Users" to the Jira ProjcetRole "Users"
Then configure the permissions:
- Allow administrators to edit the Custom Fields, and make all Zones visible to them
- Do not allow developers to edit the Custom Fields, and make only their own Zone visible to them.
- Do not allow users to edit the Custom Fields, and make only their own Zone visible to them.
Do not forget to click the "Save" Button!
Then edit the actual Zones and Membership
The Celix Zones Plugins provides you with two different alternatives for handling Zones and Membership:
- In "User management mode" all you need to do is to specify which users belong to a certain zone. The Celix Zones Plugin will generate the corresponding JIRA groups automatically and transparently.
- If an automatic creation of groups is not desired or possible you can still use the Celix Zones Plugin in the "group management mode": Instead of assigning users to a certain zone you must provide a JIRA group which then identifies the users of a zone (thus a group must be created manually and then has to be mapped to a Zone or a ZoneRole).
Depending on your current JIRA configuration the Celix Zones Plugin will select either "user management mode" or "group management mode" by default. Nevertheless, you always can switch between these modes manually.
This guide assumes that you do the configuration in the "user management mode"; if you are currently in "group management mode", please switch to "user management mode" manually.
Now add a Zone for customer A: choose a name for the Zone and define its Administrators and Users.
Analogously create Zones for customers B and C:
The ZoneField is configured completely now.
Configuring the Zones User Selection Custom Fields
The next step is to configure the "Zones User Selection" Custom Field named "Responsible User" (which can be reached by clicking the item "Custom Fields" on the "Administration" home page).
Find the custom field "Responsible User" and click "Configure" to the right.
Now define that "Responsible Users" shall display the users of the zones of our ZoneField "Customer" (click "Edit depends on Custom Field" to the right)
Similarly define that all users (i.e. all "Administrators" and all "Users") from the Zone shall be displayed in the "Responsible User" custom field. You do this by using the option "Edit Role Restriction".
The same configuration is used for the "Zones Multiple User Selection" Custom Field named "Users to inform".
Creating an Issue
After clicking "Exit Administration" create an issue in the SUPPORT Project.
As you are logged in as user with the JIRA Project Role "Administrator", you can see all Zones and customers.
If you change the selection of the Customer Field to "Customer C", all depending fields get updated to show users within the zone "Customer C" only.
To illustrate the "Role Restriction" feature of the Zone user pickers you now change the "Role Restriction" configuration of the custom field "Responsible Users" to the ZoneRole "Administrator".
Checking the issue screen again you will see that the field "Responsible Users" only lists users in the ZoneRole "Administrators".
If you add another user to the "Administrator" ZoneRole it will be displayed immediately.
Based on the previously configured permissions (the project role "Users" is only allowed to see its own Zones), this user can indeed only see his own Zone (simply create an issue to see the field in action):
Once the issue is created, "Customer A User 3" will not be allowed to edit the field at all (since you configured that the project role "Users" is not allowed to edit the ZoneField).
After checking the features of the Custom Fields the issue looks like the following:
Jira Groups
The ZonesPlugin automatically creates JIRA groups that correspond to Zones and ZoneRoles (if you operate in "group management mode", the ZonesPlugin will not create any groups, you have to create them and map them to the corresponding Zones manually).
In order to ensure the ZonesPlugin becomes effective in the project you need to enable the newly created ZoneField "Customer" in the project "SUPPORT".
Select projects and choose SUPPORT in the administration home page.
(If the Support Project is not listed here you find it by clicking "All 1 projects")
Then switch to the "Zones"-panel and enable the "Customer"-Zone Field.
The blue box above indicates that there are three groups ("jira-users", "jira-developers", "jira-administrators") which are not managed by the Zones Plugin, but which are still present in the project roles. In more complex configurations please check that these "unmanaged groups" are configured correctly (in this example they are indeed).
After switching to the people-panel you can observe that the Zones Plugin has mapped the created groups to the corresponding projects roles automatically (according to our previous configuration of the "Zone Roles and Permissions").
Issue Security Scheme
Now add a security scheme to prevent a user of "Customer AAA" from seeing issues of "Customer BBB".
To do this select "Issue security schemes" on the "Administration"-home page and then proceed by clicking "Add Issue Security Scheme")
Name the new scheme "Support Issue Security Scheme".
Then add a security level named "Customer".
All users in Zones are allowed to view issues belonging to their own Zone.
Now configure the access for customers - you still have to allow internal users to access all issues. Since you assumed that all users are in the project role "Administrators" you can additionally grant access to all users in the Administrator project role.
If you want all future issues to be created with this security level, just set it as default level.
Then configure the project "SUPPORT" to use the new Issue Security Scheme.
Do not forget to associate the previously created issue to the new security level:
Final check: Watching as a user from Zone "Customer BBB" you will not see the issue.
On the other hand, watching as user from Zone "Customer AAA" (or using one of the internal users) you will see the issue.