Community
Products
Jira
Questions
How to restrict a group or users from editing ANYTHING except 2 custom fields?

How to restrict a group or users from editing ANYTHING except 2 custom fields?

I've looked everywhere for this one, so I hope someone could help out.

I have a group with a few users (let's call them Group A) that we need them to not be able to edit ANYTHING on an issue screen EXCEPT for 2 custom fields. Group A can just view the other fields. While at the same time, anyone not in the group should still be able to edit all the fields on an issue.

I've tried using Scriptrunner's Behavior except conditions, but the group can still edit other fields. I've tried granting permission to only Browse Project only, but then the Group A can't see the Edit button on issues.

Just want to know if it's possible.

1 answer

1 accepted

0 votes

Answer accepted

You will need to remove all permissions from Group A to do anything except transition issues, then move all the other field edits into transitions (so have a transition from Open to Open that goes through a screen that includes all the fields you want to protect) and protect the transitions with conditions that only let Group B use them.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

By removing Group A from all permissions except transition issues, Group A can't edit the 2 custom fields. Group A doesn't need to transition an issue, they simply need to be able to edit an issue, either check box a field or leave a custom field comment, but they're not allowed to touch anything else on the issue.

I guess what I'm looking for is a way for Group A to click the Edit button on an issue, and all the fields are grayed out except for 2 custom fields dedicated to them.

I've read that field-level security is not possible, but was hoping for a workaround.

EDIT: I was thinking if there was a way in ScriptRunner Behaviors, if I create a custom script that hides all fields except the 2 custom field, would that suffice? Do you or anyone know what's the correct syntax?

EDIT 2: I figured it out! It helps to talk with someone here to help me re-wire my thinking. I'll leave my answer here so that others can reference. It's a tedious coding depending on how many fields you have in an issue, but this works for me. Basically what I did was use Scriptrunner Behavior, map it to the project and issue type I want, and type in this code in the Initialiser box:

import com.atlassian.jira.component.ComponentAccessor

def groupManager = ComponentAccessor.getGroupManager()
def group = ComponentAccessor.groupManager.getGroup("ENTER CUSTOM GROUP NAME HERE")
def currentUser = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()

//from here add as many fields you want to be read only
def customFieldA = getFieldbyName("ENTER CUSTOM FIELD NAME HERE")
def customFieldB = getFieldbyName(:ENTER CUSTOM FIELD NAME HERE")

if (ComponentAccessor.getGroupManager().getGroupsForUser(currentUser)?.find {it.name == "ENTER YOUR GROUP NAME HERE"}){
   customFieldA.setReadOnly(true)
   customFieldB.setReadOnly(true)
}

//etc with all your fields

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Bear in mind that Behaviours can only control edit in certain places. People will still be able to edit in other places, and it can't stop REST access at all (it's done by the browser, and even when it is working, users can override them)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

How to restrict a group or users from editing ANYTHING except 2 custom fields?

1 answer

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events