Private and Public Issue Fields
In YouTrack, you can mark a custom field as Private. Only users with specific permissions can read and/or update such field. Privacy is set by the Private field property, which you can set when you create or edit a custom field.
For private fields, an extra set of permissions determines whether a user can read or update the field. If the field is private, users must have permission to Read Issue Private Fields and Update Issue Private Fields in the project, respectively. For public fields, users only need to have Read Issue and Update Issue permissions. An issue reporter only needs to have the Create Issue permission to read public fields in the issues that they report themselves.
We hope that the example below will help you understand the concept more clearly.
Use Case for Private Fields
Assume that your company has deployed a software installation for an external client. You want members of the client organization to be able to log in to YouTrack and create issues, but only want them to view and update specific fields, such as Priority and Affected version and add and view attachments.
Other fields, like State, Type, Assignee, and Fix version should only be visible to your internal developers.
To support this use case:
Create a new project for the client.
Add your developers to the project team. This grants these users the Developer role in the new project and adds them to the list of assignees automatically. By default, the Developer role is granted Read Issue Private Fields and Update Issue Private Fields permissions. If you have previously edited the default roles and have changed the set of permissions, you can create a new role for the project developers, but make sure that in addition to all other permissions they have permissions to view and edit private fields.
Create a group for members of the client organization, and assign them the default Reporter role for the project. Make sure that the role does not have permission to Read Issue Private Fields and Update Issue Private Fields.
Now, mark the necessary fields as private. In this case, the fields are Type, Assignee, and Fix version, which are intended for developers only. The State field is marked as private by default.
Note that there are a few limitations to this solution. Users can either read and/or update all private custom fields in a project or none of them.
If, for example, you want clients to view, but not update, the State field, you can grant the Read Issue Private Fields permission to the Reporter role. However, your clients are also able to read (but not update) other private fields in the project.
To manage more complex use cases for custom fields, use a workflow.
Make a Field Private
This task requires attention and accuracy: the access type is a global setting for a field, and cannot be changed at the project level. That is, if you use the same field, for example, Priority in several or even all projects in your YouTrack instance, then making a field private affects all projects that use the field.
If you have the same scheme for all your projects (for example, in all your projects you want to restrict access to issue fields like in our use case), then you can make the shared field private. If your projects differ significantly from each other, the better option is to create new fields for the project, and make them private.
To make a field private:
Select the field you want make private.
In the toolbar, click Make private button.
Click the Save button.
Repeat the procedure for all fields you want to make private.
Essentially, that's it: now your customers are reporters in the project and can create issues, but can only see and update public fields. All other fields are only available to the developers.