We have a "management" project in Jira Cloud where we track sensitive information (HR, recruiting, etc.). It is secured from other Jira users by permission scheme. We've recently started using Tempo for time tracking and noticed that our report administrators are able to see the summaries from that project in the time reports.
We'd like a way to configure which projects are "secure" from a time reporting perspective and be able to mask or omit issue summaries from the time report for those projects.
Guest
| Tempo Products | Tempo Timesheets |
| Tempo Platform | Cloud |
We have a very similar setup, with a HR project for sensitive information.
I actually think that this should be considered a bug. If a user does not have access to see a ticket, then it should be considered invisible throughout. Having the worklogs appear on a ticket you don't have access to should be considered a breach in the security of the ticket.
By comparison, if a user doesn't have access to a project at all, then their time logs don't appear in the timesheet reports the create. I would expect the same behaviour from the issue security. Or at least have the individual worklog details hidden.