Content
View differences
Updated by Rosanna Sibora 27 days ago
**Scheme configuration**
* An administrator can create, edit, rename, and delete an Issue Security Configuration from the system administration area.
* Each configuration can contain one or more **security levels** (e.g., "Public", "Internal Only", "Confidential").
* Each security level supports a name and an optional description.
* One security level per configuration can be marked as the **default level** applied to newly created work packages.
**Security level membership**
* For each security level, the administrator can assign one or more of the following as members:
* Individual users
* Groups
* Project roles
* The work package **reporter/author**
* The work package **assignee**
* The work package **accountable**
* Membership entries can be added and removed independently.
**Scheme assignment**
* A security configuration can be assigned to one or more projects.
* When a configuration is assigned to a project, work packages in that project gain a "Security Level" field.
* The default level is automatically applied to existing and newly created work packages unless changed.
**Enforcement**
* Users who are not members of a work package's assigned security level cannot view, search, find, or receive notifications about that work package - even if they otherwise have permission to view work packages in the project.
* Restricted work packages are excluded from lists, boards, Gantt charts, queries, exports, and API responses.
* Attempting to access a restricted work package directly (via URL or ID) returns a "not found" response, not "forbidden", to avoid leaking existence.
**Permissions**
* A new permission "Set work package security level" controls which roles can change the security level on a work package.
* Only administrators can manage security schemes themselves.
**Auditability**
* Changes to a work package's security level are recorded in its activity/journal history.
* TDB: Changes to security level configurations are logged in the admin audit log. \[open\]: do we already provide an admin audit log?
* An administrator can create, edit, rename, and delete an Issue Security Configuration from the system administration area.
* Each configuration can contain one or more **security levels** (e.g., "Public", "Internal Only", "Confidential").
* Each security level supports a name and an optional description.
* One security level per configuration can be marked as the **default level** applied to newly created work packages.
**Security level membership**
* For each security level, the administrator can assign one or more of the following as members:
* Individual users
* Groups
* Project roles
* The work package **reporter/author**
* The work package **assignee**
* The work package **accountable**
* Membership entries can be added and removed independently.
**Scheme assignment**
* A security configuration can be assigned to one or more projects.
* When a configuration is assigned to a project, work packages in that project gain a "Security Level" field.
* The default level is automatically applied to existing and newly created work packages unless changed.
**Enforcement**
* Users who are not members of a work package's assigned security level cannot view, search, find, or receive notifications about that work package - even if they otherwise have permission to view work packages in the project.
* Restricted work packages are excluded from lists, boards, Gantt charts, queries, exports, and API responses.
* Attempting to access a restricted work package directly (via URL or ID) returns a "not found" response, not "forbidden", to avoid leaking existence.
**Permissions**
* A new permission "Set work package security level" controls which roles can change the security level on a work package.
* Only administrators can manage security schemes themselves.
**Auditability**
* Changes to a work package's security level are recorded in its activity/journal history.
* TDB: Changes to security level configurations are logged in the admin audit log. \[open\]: do we already provide an admin audit log?