Managing Project Permissions via Custom Fields

In Permissions Scheme, it's possible to set up a permission based on user picker or group picker custom field. I do understand how it works in case of Issue Permissions. But what about Project Permissions like Administer Projects, Browse Projects? Does it mean that a user or group mentioned in any of issues with a given type of the custom field will get a corresponding permission of the project?

1 answer

1 vote
Joe Pitt Community Champion Oct 07, 2015

Each activity, such as administer, browse, create, and etc. have their own permission list. So a user from the picker list could have browse, but not create. The problem you may get into is the user may be in multiple groups and may gain access you didn't intend.

Also be aware that you may grant more than you think by accident. The really obvious example is that if you grant "browse" to "reporter", most people would think "well, that person can only see issues they reported". Nope. A person with "create issue" doesn't even have to be named as a reporter on any issue and they can see the entire project. This is because it's a *project* permission so it really does mean "all issues", and they *might* be a reporter. For that reason, I tend to avoid using user/group pickers in project permission.

Joe, Nic, thanks for the reply. I'm afraid I didn't get the idea of how permissions like Administer Projects, Browse Projects work in this case. How does a such permission relate to a custom field of a particular issue?

Some types of custom field hold users (i.e. references to specific user accounts in JIRA, rather than text, numbers, options or dates). JIRA can use users and lists of users in permission schemes. An obvious instinctive use is that you can say things like "this user can edit issues" or "this group of people can edit issues", but the use of custom fields translates so you can say "the user named in this field can edit issues" or "the people named in this multi-select can edit issues" The problem with using custom fields like that is that permissions are *project* wide. So if you name a person in a custom field used in a permission scheme in a single issue, then you give them the *project* permission to do something. So you need to be a bit careful with it - if you name a user field in the admin permission for example, you could give every user in your system project admin rights...

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Wednesday in Jira

Join our webinar: How 1B+ feature flag events helped us build the new Jira

Every time you release software, there's a bit of risk – that there's a bug, that something breaks, or that the feature doesn't resonate with customers. Feature flagging helps make high stakes s...

101 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you