Work Item Confidentiality
Some work items contain sensitive information — security vulnerabilities, personnel matters, or pre-announcement features — that should only be visible to specific people, even within a project team. The PPM module handles this with a confidential flag on each work item.
How it works
Every work item has a confidential boolean field. When set to true, the item is hidden from most project members and will not appear in lists, searches, or board views for users who do not have access.
A confidential item remains visible to:
- Project administrators — always
- The assignee — the user the item is assigned to
- Watchers — users who have subscribed to notifications on the item
- Users with an explicit grant — individuals a project administrator has granted access to
All other project members cannot see the item. Users who are not members of the project cannot see it either, regardless of any grants — project membership is always required before confidentiality is evaluated.
Who can see confidential items
| User | Can see confidential items? |
|---|---|
| Project administrator | Always |
| Assignee | Yes, for items assigned to them |
| Watcher | Yes, for items they are watching |
| User with explicit grant | Yes, for items they are granted access to |
| Other project members | No |
| Non-project members | No |
Practical implications
- Creating a confidential item — marking an item as confidential immediately hides it from other team members who do not have one of the access relationships above.
- Searching and filtering — confidential items are excluded from query results. The application does not need to filter them out manually.
- Changing confidentiality — toggling the confidential flag off makes the item visible to all project members again.