Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Hide a UI element depending on Role with Scriptrunner

Mike P April 12, 2023


I would like to hide the Project and Repository Permissions page from all users except System Admins.  I have been able to find the UI element to hide, but I am not sure how to disable it except for a System Admin.  Any suggestions? 


I was trying:


import com.atlassian.sal.api.user.UserManager
import com.atlassian.sal.api.user.UserKey

def userManager = ComponentLocator.getComponent(UserManager)

if (userManager.isSysAdmin(new UserKey( {
return false

1 answer

Hi @Mike P 


The following snippet will return `true` when the logged in user is a global admins and `false` if they are a project or repo admin:

import com.atlassian.sal.api.user.UserKey

import com.atlassian.sal.api.user.UserManager

import com.atlassian.bitbucket.auth.AuthenticationContext

import com.atlassian.sal.api.component.ComponentLocator

def currentUser = ComponentLocator.getComponent(AuthenticationContext).currentUser

ComponentLocator.getComponent(UserManager).isAdmin(new UserKey(


However, If you just need to prevent project or repo admins from changing permissions, instead of hidding UI elements, you could just reject any permission modification events for non-admin users.

You could use this library script :

and modify its trigger, using  ProjectPermissionModificationRequestedEvent and RepositoryPermissionModificationRequestedEvent instead of ProjectModificationRequestedEvent



Mike P April 18, 2023

Thank you so much Yannis.  I will give the code a try.

As for your suggestion, it would be much better if I could gray out all the fields on the page except for system admins/admins.  Is there a way to gray out the fields?


Also, how does one know what listener to use?  Is there documentation anywhere for them?



@Mike P  I cannot think of an easy way to gray out fields.

I suggest to do it with event listeners, because this way you can have a clear error message and not confuse users by having an inconsistent UI. Also, this will cover you from users using rest API to change permissions.

For documentation, you could have a look at
PermissionModificationRequestedEvent , CancelableEvent and their implementations


Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events