A project level permission with a permission scheme is usually all you will need with your security requirements. However, sometimes you might need to take things one step further and control access permission on a per issue basis. One example of such a use case is when you have both internal and external users, such as customers working on the same project, and there are issues you do not want to share with your outside customers. In these cases, you can use issue security schemes.

Issue security allows users to set view permissions (not edit) on issues by selecting one of the preconfigured issue security levels from the system Security Level field. On a high level, issue security works in a similar way to permission schemes. The Jira administrator will start by creating and configuring a set of issue security schemes with security levels set. Project administrators can then apply one of these schemes to their projects, which allows the users (with Set Issue Security project permission) to select the security levels within the scheme and apply them to individual issues.

The starting point of using issue security is the issue security scheme. It is the responsibility of the Jira administrator to create and design the security levels so they can be reused as much as possible:

1. Browse to the Jira administration console.
2. Select the Issues tab and then the Issue security schemes option. Unlike permission schemes, there are no default issue security schemes available.
3. Click on the Add Issue Security Scheme button.
4. Enter a name and description for the new scheme.
5. Click on the Add button to create the new issue security scheme.
6. Click on the Security Levels link for the issue security scheme we just created. New issue security schemes do not contain any security levels, so we will need to add them manually.
7. Enter a name and description for the new security level in the Add Security Level section and click on the Add Security Level button. Repeat this step to add more security levels. With the security levels in place, we can now assign users who will have a view permission for each of the security levels.
8. Click on the Add link for the security level you wish to assign users to.
9. Select the option you wish to assign to the security level.
10. Click on the Add button to assign the users.

As shown in the following screenshot, we have two security levels defined, Internal Only and Public. So when an issue is set to have the Internal Only security level, only members of the demo-project-members group will be able to view the issue; anyone else will get a security error. When an issue is set to the Public security level, then anyone in Jira will be able to view the issue, provided they also meet the project level permissions set in the permission scheme used by the project: