Comment Security Default Cloud

Set a sensible default visibility for every new comment in Jira Cloud — by project, by group, or globally.

Cloud
Get on Marketplace ↗
Overview User Guide Reviews

Important. This app must be used with the accompanying Google Chrome extension: Comment Security Default on the Chrome Web Store. If the Chrome extension is not present then the defaults will not be set and the coloring will not be applied.

Comment Security Default for Jira Cloud lets administrators decide what the visibility on a new comment should default to, instead of leaving every comment “viewable by all users”. It runs as a Forge app paired with a Google Chrome extension that applies the configured default and coloring to the comment field in the browser. Both components are required — without the Chrome extension, defaults are not set and the coloring is not applied.

The allows you to set the default for new Comments as per Space or global configurations. These configurations allow you to set a default visibility on a per-group basis with an optional default for those not covered by the per-group configurations (if there are any). The apps offers JSM/CSM support, and comment-field coloring. Jira cloud works differently than data center, so there are not comment fields on attachments, work logs, issue links, edits, or bulk edits. There are comment fields on transitions but currently no way to set a default for this yet. This should be released soon (if it hasn’t already been).

Chrome Extension

Comment Security Default for Cloud requires a companion Chrome extension. The Forge app handles the configuration UI and publishes which default should be used for the current user, project, and comment box — but Forge is not allowed to restyle or pre-fill the native comment editor. The Chrome extension is what reads the published configuration in the browser and applies it to the comment field.

Without the extension, both the default visibility and the coloring are skipped — comments fall back to standard Jira behaviour.

Install it from the Chrome Web Store on every browser that should pick up the defaults: Comment Security Default — Chrome Web Store.

The Forge app detects whether the extension is loaded on the current page; if it isn’t, it shows a message in the configuration page, prompting the user to install it. It doesn’t have a warning in the Work Item pages.

How does Comment Security Default for Jira Cloud work?

Once both the Forge app and the Chrome extension are installed, two things happen for every comment in your Jira Cloud site:

  1. The Forge app determines which configuration applies (project first, then global; group-specific first, then the default configuration) and publishes the resulting default visibility for the current user, project, and comment box.
  2. The Chrome extension reads that configuration, sets the default visibility on the comment, and applies the background and border color to the comment field so the user can see at a glance whether their next comment will be public or restricted.

If the Chrome extension is not installed on the browser, the Forge app still publishes the configuration but nothing is applied to the comment field, defaults are not set and coloring does not appear.

Data storage: Configurations are stored in Forge storage inside your Atlassian Cloud instance. Comment Security Default does not send comment content, user data, or configurations to any Redmoon Software server.

Global Configuration

The global configuration applies to every project in your site, unless a project has its own configuration that takes precedence.

Open Apps → Manage apps → Comment Security Default in your Jira Cloud site to open the global configuration page.

The page lists every configuration in priority order. There are two kinds of configuration:

Comment Security Default — security level dialog

  • Group configurations — only apply to users in one or more named user groups.
  • Default configuration — applies to everyone the group configurations did not match. There is at most one default configuration per scope.

For each row you can move it up or down to change its priority, edit it, duplicate it, or delete it. Click Add to create a new configuration.

The configuration that is used for a comment is chosen like this:

  • Config is blank

  • If there is a project configuration and it is enabled then:

    • Use that as the config

  • Otherwise if there is a global configuration and it is enabled then:

    • Use that as the config

  • If there is a config:

    • For each non-default line in the config, top to bottom:
      • If the current user is in one of the configuration’s groups, use it.
    • Otherwise, if the project has a default configuration, use it.

Important: If you want to target user groups, the underlying Jira setting must allow it. Go to System → General configuration → Comment visibility and set it to “Groups & Project Roles”.

Add / Edit Configuration

Adding or editing a configuration opens a page with four sections, shown one after another.

Groups

The Groups zone has a single field. Enter one or more user groups; the configuration only applies to users in at least one of those groups. Leave Groups empty to make this the default configuration that applies to everyone the group configurations did not match.

Comment Security Default — Group Configuration

Security Defaults

The Security Defaults zone has two fields:

  • When Default is Missing — controls what happens if the role or group named in the default is not available to the current project or user. The options are:
    • Ignore — fall back to “viewable by all users”.
    • Prompt Selection — opens the security selector and leaves it open. The user then needs to select one
  • Default for New Comments — the role or group that new comments default to.

Edit-issue defaults, attachment defaults, link defaults, and work-log defaults from the Data Center version are not present in the Cloud version because Jira no longer has comments in those locations.

Comment Security Default — Group Configuration

Color Comment Fields

Comment coloring highlights whether a new comment will be viewable by all users or restricted. Pick a background color and/or border color for each case. The Chrome extension is what applies these colors to the comment field in the browser, so coloring only appears for users who have the extension installed.

Comment Security Default — Color Configuration

The image below is an example of a comment field colored

Comment Security Default — colored comment fields

Colors are stored on the configuration. If you use multiple configurations, each one needs its own colors set.

JSM and CSM

The JSM and CSM zone has a single toggle — Enable Security Defaults for JSM and CSM — which defaults to on. When enabled, this configuration applies to comments in Jira Service Management and Customer Service Management projects in addition to standard Jira projects.

Comment Security Default — JSM/CSM Configuration

Project Configuration

Every project can have its own configuration. The page looks and behaves exactly like the global configuration page — same table, same Add/Edit form — just scoped to one project.

Open the project, then go to Project settings → Comment Security Default.

Project configurations take precedence over global ones. If no project configuration matches the current user (and there is no project-level default configuration), the global configurations are checked using the same precedence rules.