Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 21:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Allow bulk edit using REST API without allowing users to edit

Patricia Paguio
Patricia Paguio October 25, 2020

Hi,

I know this is a big shot in the dark, but does anyone know a way I can allow REST API to bulk edit issues without allowing users to edit the fields?

I have fields that will need to be updated using the REST API but should not be allowed by the users to edit. However, I know that the REST API allows the edits of issues if it is on the edit screen.

Is there a workaround I can implement so that users cannot edit some fields even if it's on the edit screen? Or is it somehow possible to edit via REST API without having the field in the edit screen?

Thanks in advance!

Answer
Watch
Like Be the first to like this
544 views

2 answers

1 accepted

1 vote
Answer accepted
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2020

Sorry, but Jira doesn't have field level security. You could make a custom screen scheme for that project that only displayed certain fields, but it would still apply to everyone. You can't dynamically switch between screen schemes per project based on a user profile.

However, there are some third party add-ins that provide field level security, but only for custom fields. Read this article for more information on the same topic.

Reply
0 votes
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 25, 2020

Nope. Once a user accesses the REST API with their credentials, they have equal permissions to change data as if they were logged into the web interface. If you remove the field from the edit screen to block the REST API's access, you block the same access in the web interface too.

View More Comments
Patricia Paguio
Patricia Paguio October 26, 2020

Ahhh, I see. Is there a way then to allow only users in certain project roles to edit all fields in an edit screen, but prevent users to edit some fields in the edit screen?

For example, is it possible that me as an Admin should be able to edit all fields in the edit screen so I can allow REST API with my credentials to edit these fields. But then prevent those in the Developer role access to edit half of the fields in the edit screen?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Upcoming Jira Events