I have a team responsible for organising work events at my company who use a team-managed Jira work management project.
The use-case seems simple on the surface, they want employees to have the ability to create work items to their project but not permission to view other work items in their project.
I set this up originally with an employee role that only had the Create issues permission assigned - however, I learnt that adding any permission also comes with an unspoken View issues permission.
So, to prevent them from viewing any work items I had to remove the employees from the project access completely.
Not to worry, I thought, I can use forms instead.
On the documentation from Atlassian there are three access levels:
Limited access: Only people with permission to create work items in your space.
Open access: Only people with a Jira license who are able to log in to your Jira site.
Public access: Anyone online with the link can submit a response to the form. (This option won’t be available if an admin has disabled public access on your Jira site.)
All our employees have a Jira license, so I would have thought that Open access was enough, but it wasn't. I submitted a ticket to Atlassian because I was convinced this behaviour was a bug but they assure me it's expected behaviour.
This was their response:
If the form is kept as Open and the Space is kept as Private then only the users who have access to Space will be able to access the form.
ℹ️ The same information will also be present in the info panel on top of form builder which indicates user should have access to space if they need to submit the form if the form is kept as Open. You can see the screenshot from my test instance
I've read this message more times than I can count and I can't make sense of it.
The screenshot showed the following message at the top of the form:
To allow people in the site to submit this form, make sure the selected owner has access to the space and all of its work items.
Who is the selected owner? The owner for the form, the owner of the project, or the owner of the request?
In the end, the workaround Atlassian support provided was to set the form to Public instead and allow public access on your Jira site. This seems too open in my opinion as the Events team don't need to collect requests from the public and there should be no public access to our site, I thought it was working however, so I closed my ticket but now still even with this level of access the employees don't have access to the form.
Can someone explain this to me like I'm five? What's the benefit here to having three access levels if anyone wanting to use an Open or Public form also need create (and therefore view) permissions to the project?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.