How to Restrict Approvals to Certain People or Groups?

Hi @clerambeau 

What you're describing involves two separate requirements: Process Control (approving the action) and Data Integrity (restricting field edits). Since Jira Service Management does not offer native field-level restrictions, it is best to separate these concerns.

1. The Native Solution: Using Workflow Approval Gates

Instead of trying to "lock" a field, use JSM’s native approval functionality. This ensures that only authorized users (e.g., your DBAs group) can move a ticket to the next stage

• Edit your workflow and add an Approval step to the relevant transition (e.g., "Ready for DBA Review" to "Approved")

• You can configure the approval to require a response from a specific Jira Group. The system automatically records who approved it and when, creating a permanent audit trail that cannot be tampered with by regular users. This removes the need for a manual "Approved by" field entirely

2. Restricting Field Edits (Workarounds)

If you must have a specific field that only DBAs can edit, you have three primary options in JSM Cloud - 

• Option A: Workflow Properties (The "Status Lock") You can use the jira.permission.edit.group property on a specific workflow status. This allows you to lock the entire issue so that only members of the DBA group can edit it while it is in that status.

• Option B: Automation for Jira Create an automation rule: When Value Changes for [Field] → If User is NOT in Group [DBAs] → Edit Issue (revert to previous value) and add an Internal Comment. This doesn't stop the click, but it prevents the data from being changed by unauthorized users.

• Option C: Third-Party Apps (The "Granular" Way) If true field-level hiding or "read-only" states are mandatory for your UI, you will need an app like ScriptRunner for Jira (Behaviours) or Jira Misc Workflow Extensions (JMWE). These allow you to set fields to read-only based on the user's group or role dynamically.