Currently, if a user has the "View All Worklogs" permission for a project, Tempo returns worklogs for issues regardless of whether the user has access to view the specific issue. While issue details are masked, the worklogs themselves are still visible. The customer requests that worklog visibility adhere to issue security levels to ensure consistent behaviour with Jira's access controls.
Worklogs should only be visible to users who have both the "View All Worklogs" permission and access to view the specific issue as defined by the issue security scheme.
Tempo Products | Tempo Timesheets |
Tempo Platform | Cloud |
We were not aware of this 'limitation' until yesterday. It appears that you can limit viewing all worklogs up to a project-level. Meaning, user can or cannot view all worklogs on all issues within one project.
Our requirement is that particular users can view particular issues within the project (set by security levels), and within visible issues, some users would need to view all worklogs on an issue.
For example, User A is external collaborator on a project and can view only KEY-1 and KEY-10 issues. The same user needs to work on both issues but needs to view all worklogs on KEY-1 while only seeing their own worklogs for KEY-10.
If you would grant this user "View All Worklogs" permission, whether via project role, user picker field or somehow else, they would still be able to view all hours logged by all users on all issues (no matter if they are restricted or not), the only thing, if the issues are restricted, is that they wouldn't be able to view issue keys in the report.
IMO, this completely differs from standard Jira behavior and respective permissions when it comes to, for example, security levels and viewing particular 'hidden' object data.
So, we're asking for "View All Worklogs" permission to respect users ability to view issue/issue data.
Cheers,
Tobi