Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Anonymous users can close issues even though the permission helper says otherwise

Rickard Schoultz
Rickard Schoultz February 10, 2014

We have configured a lot of our projects to have anonymous read access to issues, but not to be able to write or change. Now, we accidentaly found out that anonymous users can actually Close issues and I verified with two issues. Now, when I use the Permission Helper, testing with the fields:

User: (none selected)
Issue: the one that I just closed as anonymous (JAVAAPI-27
Permission: Close Issues

The Permission Helper then returned:

<dl><dt>Permission name:</dt><dd title="Close Issues">Close Issues</dd></dl><dl><dt>User:</dt><dd title="Anonymous">Anonymous</dd></dl><dl><dt>Project:</dt><dd title="Java API">X</dd></dl><dl><dt>Permission scheme:</dt><dd title="blah">XYZ Permission Scheme</dd></dl><dl><dt>Issue:</dt><dd title="JAVAAPI-27">X-27</dd></dl><dl><dt>Status:</dt><dd> Anonymous does not have the 'Close Issues' permission</dd></dl>

and also:

"Anonymous users cannot satisfy this condition, the only condition Anonymous users can satisfy is the 'Anyone' group.".

To me this seems like a bug, but is there something obvious missing?

This is JIRA 6.0.5.

Answer
Watch
Like Be the first to like this
322 views

1 answer

1 accepted

2 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2014

Ah. The permission helper only tells you about permissions. Which are a set of flags to be used in other places in the system. A lot of this flag usage is hard-coded and obvious (allow worklog delete, allow issue create, etc), but some are more nebulous because the users can configure how they get used.

The most obvious cases are "issue resolved" and "issue closed". These do NOT do what you think they do automatically, their use is configured. If you look at the default workflow, you will see perfectly logical uses for them, set up as "conditions". Such as "user can only use the resolve transition if they have the resolve permission"

But Jira doesn't know that you want to do this sort of thing automatically. Imagine you set up a workflow that has a transition from "open" to "wombled" with a name of "wombling on" - Jira can't possibly know that this should only be done by people with "resolve" permission.

What I'm heading to is "you need to add conditions to your workflow in order to make these permission flags work the way you're expecting"

View More Comments
Rickard Schoultz
Rickard Schoultz February 10, 2014

Thanks. This solved the problem. The root cause of this was that the workflow had a accidentaly a duplicate transition for "Closed". So, deleting that and reusing the standard one solved the problem.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security