Access Control

    This page contains an overview of access control and permissions in Google Issue Tracker.

    Issue Tracker provides fine-grained access control for components and other features like hotlists , bookmark groups and saved searches . This allows administrators and users to control who has what kind of access to tracking data managed by the tool. The access control model in Issue Tracker has two parts: identities and permissions .

    Identities

    Identities specify which users can perform actions in Issue Tracker. Issue Tracker supports the following types of identities:

    • Users
    • Groups
    • Public

    Users

    A user is an individual user identified by a Gaia ID. Gaia is the ID management system for all Google products. This ID may be an email address associated with a Google domain (for example, user@gmail.com ) or an email address in another domain that has been configured by a Google Workspace domain administrator.

    Groups

    A group is a Google Group in the google.com or googlegroups.com domain (for example, group@googlegroups.com ) that contains individual users, all of whom need to share the same level of access to tracking information.

    Public

    The Public group is a special group that contains all users including users who are not signed in to a Google Account.

    Permissions

    Permissions specify which actions can be performed in Issue Tracker. These permissions are managed on a per-identity basis for each component, hotlist, bookmark group or saved search. Component permissions control access to the component and to all the issues that it contains. Hotlist, bookmark group and saved search permissions control access on a per-entity basis. This means, for example, that each hotlist has its own permissions and that these can be granted to a specific user or a group as required.

    Components

    Component permissions control which actions can be performed on components and on the issues that they contain. Only Google employees can set or modify permissions on components.

    Components have the following types of permissions:

    • Admin Components
    • Create Issues
    • Admin Issues
    • Edit Issues
    • Comment on Issues
    • View Issues
    • View Components
    • View Restricted
    • View Restricted+
    • Expanded Access

    These permissions are managed on the component administration page.

    The Access Control tab that is shown on the component administration page

    Admin Components

    The Admin Componentspermission allows users to view and change properties of the component itself. This includes changing the component name and description, creating and editing custom fields, creating child components, changing the parent component, creating templates and managing access control.

    Only Google employees are granted Admin Componentspermission.

    Create Issues

    The Create Issuespermission allows users to create issues in the component. Users and groups who have Admin Componentspermission always have Create Issuespermission as well.

    Admin Issues

    The Admin Issuespermission allows users to perform administrative actions to manage issues within a component. This includes changing the restriction level or deleting an issue.

    Users and groups with this permission always have Edit Issues, Comment on Issues, and View Issuespermission as well.

    Edit Issues

    The Edit Issuespermission allows users to change the values of issue fields.

    Users and groups with this permission always have Comment on Issuesand View Issuespermission as well.

    Comment on Issues

    The Comment on Issuespermission allows users to view issues in the component and to add comments to it. Users and groups with this permission are not allowed to edit the values of other issue fields.

    Users and groups with this permission always have View Issuespermission as well.

    View Issues

    The View Issuespermission allows users to view issues in the component. This permission doesn't allow making any updates to the issues. Users with Admin Issues, Edit Issues, or Comment on Issuespermission are also considered to have View Issuespermission. Users and groups without this permission cannot find or view issues in the component.

    View Components

    The View Componentspermission allows users to view the properties of the component. This includes viewing the component name, description, custom field definitions, templates, and access settings. Note that this doesn't give users view access to the issues in the component. The field is auto-populated with users and groups listed in other access settings, and cannot be updated manually.

    View Restricted

    The View Restrictedpermission allows users to access specific content marked for restricted access. This applies to comments and attachments that have been marked with a restricted access setting.

    Users with View Restricted+permission are also considered to have View Restrictedpermission.

    View Restricted+

    The View Restricted+permission allows users to access specific content marked for restricted access. This applies to comments and attachments that have been marked with a restricted+ access setting.

    Users and groups with this permission always have View Restrictedpermission as well.

    Expanded Access

    The Expanded Accesssetting automatically increases permissions for users on a per-issue basis, based on their role. For example, if a user is the Assignee , this setting automatically gives them permission to edit the issue. This allows the user to make edits to the issue while it is assigned to them, but does not change the user's permissions for all issues in the component. If the user is removed from that role, they lose the expanded access.

    This setting automatically grants the following permissions:

    • Assignee receives edit access
    • Verifier receives edit access
    • Collaborator receives edit access
    • CC'd users receive comment access

    When a group is given a role on an issue, all members of the group gain the corresponding permission.

    Explicit access warnings

    When Expanded Accessis turned off, it's possible to add a user to an issue they cannot access. To prevent confusion, Issue Tracker warns you when you make one of the following assignments:

    • Assignee does not have editaccess
    • Verifier does not have editaccess
    • Collaborator does not have editaccess
    • CC'd user does not have viewaccess
    • Mentioned user in a comment does not have viewaccess

    You should grant users the appropriate permissions before assigning them a role. If the user does not have at least read access before the assignment is made, they don't receive an email notification about the issue.

    Issue Access Limits

    Issue-level access limits enable Issue Admins to choose to limit access to specific issues. Learn more .

    Hotlists

    Hotlist permissions control which users can view a hotlist, edit hotlist details, and add and remove issues in a hotlist. Hotlists have the following types of permissions:

    • Admin
    • View and append
    • View only

    When you create a hotlist, you are granted Adminpermission. The hotlist is private to you by default until you grant other users or groups the Admin, View and appendor View onlypermissions.

    Admin

    The Adminpermission allows users to edit hotlist details . This includes editing the title and description, managing permissions, and archiving and unarchiving the hotlist. When you create a hotlist, you are granted the Adminpermission automatically, but you can transfer this permission or grant this permission to additional users and groups.

    View and append

    The View and appendpermission allows users to add issues to and remove issues in the hotlist. Users with this permission can also reorder the hotlist issues. Users or groups who have Adminpermission for a hotlist always have View and appendpermission as well.

    View only

    The View onlypermission allows users to view a hotlist. This includes finding and adding the hotlist to the left-hand navigation, viewing the list of issues that are part of the hotlist, and viewing the title, description and permissions for the hotlist. Users or groups who have Adminor View and appendpermission for a hotlist always have View onlypermission as well.

    Hotlist and issue visibility

    Note the following:

    • Permission to view a hotlist does not itself grant permission to view the issues on the hotlist. Issues the user does not have access to view appear only by ID in the hotlist without the issue title.

    • Users who view an issue will only see that it is a member of a hotlist if they also have at least Viewpermission for the hotlist itself. A record of when the issue has been added or removed from a hotlist appears in the issue history , but without Viewpermission, only the hotlist ID is visible.

    Bookmark groups

    Bookmark group permissions control which users can edit and view a bookmark group. Bookmark groups have the following types of permissions:

    • Admin
    • View only

    When you create a bookmark group, you are granted Adminpermission. The bookmark group is private to you by default until you grant other users or groups Adminor View onlypermission.

    Admin

    The Adminpermission allows users to edit bookmark group details . This includes editing the title and description, adding and removing hotlists and saved searches, and archiving and unarchiving the group. When you create a bookmark group, you are granted the Adminpermission automatically, but you can transfer this permission or grant this permission to additional users and groups.

    View only

    The View onlypermission allows users to find and view a bookmark group . This includes viewing which hotlists and saved searches are part of the bookmark group, as well as its title, description and permissions. Users or groups who have Adminpermission for a bookmark group are always granted View onlypermission as well.

    Saved searches

    Saved search permissions control which users can edit and run a saved search. Saved searches have the following permissions:

    • Admin
    • View and execute search

    When you create a saved search, you are granted Adminpermission. The saved search is private to you by default until you grant other users or groups the Adminor View and execute searchpermission.

    Admin

    The Adminpermission allows users to change properties of the saved search . This includes editing the title and description, changing the search criteria, and deleting the search.

    The View and execute searchpermission allows users to run a saved search or make a copy of it. Users or groups who have Adminpermission for a saved search always have the View and execute searchpermission as well.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: