User Permissions

Hi John,

Thanks for your prompt reply. I have been trying, with some success, with Permission Schemes which, as it appears to me, to be the only way to do this. I created one permission scheme for a Read-only user and tweaked the project permissions under this scheme. And I created another Scheme for Read-write user (but seems like admin user - can see R/O user issues!). 

Another question is this: can I associate those two users with the same project? If so, how can I do that?

Thanks

Well, the easiest way is to control the permissions by project role. So place the users in two different roles in the project - Project Settings > People

Then grant both roles permission to Browse Project in the permission scheme.

Then grant only the one who can write (updates and create issues) the Create Issues and Edit issues permissions. 

Hi John,

I managed to do this through project roles as you outlined before. Thanks.  However, when I created a project, it was associated with the 'Default Permission Scheme' which is OK. Then, I created a new Permission scheme with the project permissions as in your post above. Then I associated the newly created project with the new Permission scheme. Now, the default permission scheme is no longer associated with any projects. Then, I logged into my Jira instance as a read-only user but I could not see the issue assigned to this user and the same thing happened when I logged in as a read-write user. The only way to get around this was to create a second project, create new issues as before under this second project and associate the second project with the new permission scheme.

Is this the way it is expected to work or am I missing something?

Thanks

When you created the new project, it typically will not copy over the Project roles. 

Go into the new project to see what is listed under people. Then make sure those project roles line up with the new Permission Scheme. 

And if that all looks good - use the permission helper in the permission scheme to help guide you.

What I said was that I needed to create a second project to get this working. Here is what I did again:

I started from scratch - no projects, no roles, no users, etc...

I created a project.

Went into the new project. Under Roles, there is only 

• Project Lead: admin
• Default Assignee:Unassigned
• Roles:View Project Roles

Created two users rouser and rwuser

created two project roles, one for each user and associated them with their respective roles

Created a new Permission Scheme and assigned project permissions as before

Created two issues and assigned the above users to them

Logged in as a rouser and rwuser but I do not see the issue assigned to them

Thanks John. I figured what the problem was. Now, it is OK

Hi John,

I am looking for documentation on how to create Project roles and project permissions using a plugin?

Thanks

I am not aware of a plug in that does that. Why wouldn't you just use the native function in Jira?

I mean can I do that by writing a plugin - that is programmatically through writing a plugin? I do not know what you mean by native function

Thanks John

I don't believe you are going to be able to do project permissions through a plugin. You might be able to use the API to do a Project Role, but that is pretty doubtful as well.

By native function, I mean just as how Jira already works in the application. 

I already did that by native function but unfortunately I thought there was a way to do that programmatically. 

Hi John,
In https://docs.atlassian.com/software/jira/docs/api/8.5.13/ it seems we can create project roles using the SDK

createProjectRole

ProjectRole createProjectRole(ProjectRole projectRole,
                              ErrorCollection errorCollection)

Thanks 

Hi John,

Is it possible to associate a user with a specific issue type? 

Thanks 

Well, sort of - you could implement issue level security. Then you associate the user to the issues that have a certain security level on the card. 

But not directly though. 

Thanks. It seems the closet I can come to do that is with Issue Type Scheme where only one specific issue type can be configured. And that Issue Type Scheme can be associated with the a project. Then, when creating issues under that project, only one issue type will be available.

Let me re-phrase my question: can I define a Permission Scheme at the Issue Type level vs at issue level?

Thanks

No, the Permission Scheme itself applies to all issues. You would control permissions to individual issues by adding a security level. 

Thanks. So, how can I achieve something like:

• Create a project in Jira
• Create a Test issue type
• Assign user 1 as a read only user to the test
• Assign user 2 as read/write
• user 1 can not change the project and test issue type

Having read/write and read only access is different then issue security. Issue security either hides the entire issue where the user can't see it or the user can see it and has full access. 

But a workaround might be to remove the field from the Edit screen for the project. Then create a new Transition screen with the field showing on this screen. 

Then create a new transition on the status that loops back to itself (called a Looping Transition).

Then attach the Transition screen to the new looping transition in the workflow. 

Then you can place conditions on this transition to control who can execute the transition that shows the screen with the field to be edited. 

Too complicated but thanks anyway