Open Bug 372977 Opened 17 years ago Updated 15 years ago

Ability to control who can see certain fields

Categories

(Bugzilla :: Creating/Changing Bugs, enhancement, P2)

Product:
Bugzilla
Component:
Creating/Changing Bugs
Type:
enhancement

Tracking

()

People

(Reporter: mkanat, Unassigned)

References

(Blocks 1 open bug)

Details

This is the second part of field-level security.

Only certain groups should be able to see certain fields. This should be controllable by the admin through an easy interface. Just like bug 372976, this is an OR relationship.
It's particularly important that the fields shouldn't even appear to exist anywhere in Bugzilla, if the uesr can't see them.

That might get complex, though, so we can first focus on making them disappear from the show_bug page (or anywhere else that shows their values) and then making them disappear from places like query.cgi and config.cgi.
Priority: -- → P2
I want to describe a use-case for this enhancement.

Because all users can see all fields, we use email to prioritize daily bug assignments for our developers.  Otherwise the end user/reporter would get an unrealistic expectation of completion.  e.g. Just because it's prioritized for Oct. 1, doesn't mean it will get done Oct. 1.

It would be nice to create a custom field, which is visible only to a certain group/admins so we can dynamically reprioritize our bugs without the end-user being notified of a change or able to view the field/status.
(In reply to comment #2)
> Because all users can see all fields, we use email to prioritize daily bug
> assignments for our developers.  Otherwise the end user/reporter would get an
> unrealistic expectation of completion.  e.g. Just because it's prioritized for
> Oct. 1, doesn't mean it will get done Oct. 1.

  If you're using deadlines, you can already control who can see time-tracking information by modifying the timetrackingroup parameter.
You need to log in before you can comment on or make changes to this bug.