Is there a Java API to determine if a user can view an issue?

I'm writing a groovy script (using the script runner plugin) and want to determine if a particular user can view an issue.


I was just wondering if there was a simple API to figure this out. Crucially, it needs to take issue level security into consideration - this isn't something I can see in the permissionManager API (which appears to be project-based only).



2 answers

1 accepted

2 votes
Accepted answer

Just call this hasPermission() methods from PermissionManager passing the ProjectPermissions.BROWSE_PROJECTS permission - this will also check the issue security level scheme if such is assigned to the project which contains the issue.

There is a similar method in the JIRA 6.x API (the one I've linked is for JIRA 7.x).

Yes, this seems to do the trick - there are quite a few hasPermission methods, so I must have overlooked the one with both a user and an issue.



Hi Chris,

Try the script below (JIRA v7), in your script console and check the logs. 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.Issue

def userKey = "aUserKey"
Issue issue = ComponentAccessor.getIssueManager().getIssueObject("TP-1")
def userToCheck = ComponentAccessor.getUserManager().getUserByKey(userKey)

Collection <IssueSecurityLevel> issueSecurityLvlvs = ComponentAccessor.getComponent(IssueSecurityLevelManager)?.getAllSecurityLevelsForUser(userToCheck)
def hasPermission = issueSecurityLvlvs.find { == issue?.securityLevelId} ? true : false
log.debug "${userKey} has permissions to view the issue: ${hasPermission}"

Let me know if this does the trick.

regards, Thanos

Hi - this just gives me a collection of issue security levels.

There's nothing I can see about your code sample that ties this to the issue in question... or have I missed something?

Ok I updated my script above, was missing the comparison with issue's security level. So there are the project permissions the global permissions and then the issue permission

According to the managing project permissions doc 

Permission to browse projects, use the Issue Navigator and view individual issues (except issues that have been restricted via issue-level security).

Hope that makes things a little more clear

regards, Thanos

I still don't think this is going to work quite right.  For instance, say I have an issue security level of "Reporter Only" - i.e. only the reporter can see the issue.


I believe that "Reporter Only" will come back for all users.  And the issue's security level will be "Reporter Only".  So all users will pass your check - which is not correct as only the reporter should return true.


@Petar Petrov's solution was along the lines I was looking for - I just missed the exact function taking both a user and an issue in the permission manager docs.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Jan 15, 2019 in Statuspage

Introducing Statuspage Getting Started guides! First up: What is Statuspage?

Over the next several weeks we'll be sharing some of our Getting Started guides here in the community. Throughout this series of posts, we'd love to hear from customers and non-customers ab...

292 views 5 2
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you