I have written a Javascript code which allows to hide Custom Field from all users except groups/roles defined in script.
Be aware that this is just a visual way to hide field. It will be possible to see field in HTML source of page.
Installation: paste it in Announcement Banner and set variables based on your environment.
<script type="text/javascript"> /* Karlis Rozenbergs, 04.2016 Script allows to hide custom field for all users except groups/roles defined below. By default project admin and users mentioned in following field are allowed to see hidden field: customfield_10865 (Confirmed by) */ //Sets field to hide var hidefield = "#customfield_12345-val"; //Sets groups which ar allowed to see defined customfield var allowedgroups = ['jira-administrators']; //Sets projects where to hide customfield. If empty, all projects are selected. //example: var projects = ['TEST', 'TEST1']; var projects = ['TEST1', 'TEST2', 'TEST3']; //Sets issue type where to hide customfield. If empty, all issue types are selected. //example: var issuetype = ['19', '3']; var issuetype = ['1', '2', '3']; //Sets roles which ar allowed to see defined customfield var allowedroles = ['Developers', 'Users']; //Gets current project key issueKey = AJS.$("meta[name='ajs-issue-key']").attr("content") var project = getProjectKey(issueKey); var flag = 0; var flag1 = 0; //Check if issue is in defined project for (l = 0; l < projects.length; l++){ if (project == projects[l]) { flag = 1; } } if (flag == 1) { var issuety = getIssueType(issueKey); //Check if issue is in defined issue type for (k = 0; k < issuetype.length; k++){ if (issuety == issuetype[k]) { flag1 = 1; } } if (flag1 == 1) { var user = getCurrentUserName(); var aggrName = getIssueAggr(issueKey); var aggrName1 = getIssueAggr1(issueKey); var flag2 = 0; var flag3 = 0; //Gets urls of allowed roles var ProjRoles = []; for (k = 0; k < allowedroles.length; k++){ ProjRoles.push(getProjectRoles(project, allowedroles[k])); } //Gets allowed users var ProjectRoleUser = []; for (l = 0; l < ProjRoles.length; l++){ ProjectRoleUser.push.apply(ProjectRoleUser,getProjectRoleUser(ProjRoles[l])); } var allowedobjects= []; allowedobjects.push.apply(allowedobjects, ProjectRoleUser); allowedobjects.push.apply(allowedobjects, aggrName); allowedobjects.push.apply(allowedobjects, aggrName1); //Checks if current user is in array for (i = 0; i < allowedobjects.length; i++){ if (user == allowedobjects[i]) { flag2 = 1; } } //Checks if current user is in defined groups for (j = 0; j < allowedgroups.length; j++){ if (isUserInGroup(user, allowedgroups[j])){ flag3 = 1; } } //Checks if all projects and issue types are allowed if (projects.length == 0) { flag = 1;} //Checks if all projects and issue types are allowed if (issuetype.length == 0) { flag1 = 1;} //Hides defined field if (flag2 == 0 && flag3 == 0 && flag == 1 && flag1 == 1) { (function($) { AJS.toInit(function(){ AJS.$(hidefield).parent().hide(); AJS.$(hidefield).parent().value = ""; }); JIRA.bind(JIRA.Events.NEW_CONTENT_ADDED, function (e, context) { AJS.$(hidefield).parent().hide(); AJS.$(hidefield).parent().value = ""; }); })(AJS.$); } } } function getCurrentUserName() { var user; AJS.$.ajax({ url: "/rest/gadget/1.0/currentUser", type: 'get', dataType: 'json', async: false, success: function(data) { user = data.username; } }); return user; } function getGroups(user) { var groups; AJS.$.ajax({ url: "/rest/api/2/user?username="+user+"&expand=groups", type: 'get', dataType: 'json', async: false, success: function(data) { groups = data.groups.items; } }); return groups; } function isUserInGroup(user, group){ var groups = getGroups(user); for (i = 0; i < groups.length; i++){ if (groups[i].name == group){ return true; } } return false; } function getProjectKey(issueKey) { var projKey; AJS.$.ajax({ url: "/rest/api/2/issue/"+issueKey, type: 'get', dataType: 'json', async: false, success: function(data) { projKey = data.fields.project.key; } }); return projKey; } function getIssueAggr(issueKey) { var aggrName = []; AJS.$.ajax({ url: "/rest/api/2/issue/"+issueKey, type: 'get', dataType: 'json', async: false, success: function(data) { if (data.fields.customfield_10865) { for (var i=0; i < data.fields.customfield_10865.length; i++){ aggrName.push(data.fields.customfield_10865[i].name); } } } }); return aggrName; } function getIssueAggr1(issueKey) { var aggrName1 = []; AJS.$.ajax({ url: "/rest/api/2/issue/"+issueKey, type: 'get', dataType: 'json', async: false, success: function(data) { if (data.fields.customfield_10864) { for (var i=0; i < data.fields.customfield_10864.length; i++){ aggrName1.push(data.fields.customfield_10864[i].name); } } } }); return aggrName1; } function getIssueType(issueKey) { var issuety; AJS.$.ajax({ url: "/rest/api/2/issue/"+issueKey, type: 'get', dataType: 'json', async: false, success: function(data) { issuety = data.fields.issuetype.id; } }); return issuety; } function getProjectRoles(project, role) { var ProjRoles; AJS.$.ajax({ url: "/rest/api/2/project/"+project, type: 'get', dataType: 'json', async: false, success: function(data) { ProjRoles = data.roles[role]; } }); return ProjRoles; } function getProjectRoleUser(RoleUrl) { var ProjRolesUser = []; AJS.$.ajax({ url: RoleUrl, type: 'get', dataType: 'json', async: false, success: function(data) { if (data.actors) { for (var i=0; i < data.actors.length; i++){ ProjRolesUser.push(data.actors[i].name); } } } }); return ProjRolesUser; } </script>