...

Please read the Users documentation to learn how to check if the user belongs to a group and the user’s permissions (global, project, and issue levels) for the current user executing a query and dropping the records that do not match your security criteria,.

Ignoring Zephyr permissions allows making Zephyr -based reports (read-only) for all the Jira users. As mentioned, if you want to restrict them to a particular group or a set of users having specific permission, it is possible by joining the USERS-related tables mentioned above to support this kind of security-constraintsfor the rest of the organization without requiring extra Jira configuration. But the responsibility of avoiding data leaks remains now on the trusted user writing the query.

Download ZEPHYR Database Schema

...