"Create" button in JIRA allows anyone to create issues in projects they don't have permissions to.

Reetam Das September 6, 2016

We're using the cloud version of JIRA and I have set permissions so that only a select few roles can create issues in each project (mostly I use roles to provide permission).

Everything else otherwise works perfectly; users can only browse projects they are added to. However, I just noticed that anyone is able to hit the "Create" button on the top nav and create issues in any of the projects they want to.

What am I doing wrong?

6 answers

1 accepted

0 votes
Answer accepted
Devtools_Barclays September 6, 2016

Please verify that the project role has no jira-users group.

Reetam Das September 6, 2016

Within the different project roles I have created, I have added users who belong to jira-software-users & jira-confluence-users, but I have not associated any of the roles directly with user groups (not even sure how to do that). Is this creating the problem?

If so, these JIRA groups are assigned by default to each user based on application access and these groups are also essential for managing global permissions. 

Any solutions?

Joe Pitt
Community Leader
September 6, 2016

Also make sure the permission scheme doesn't list jira-user or any other group with logon rights.

MattS
Rising Star
September 6, 2016

And that the permission scheme does not have reporter or assignee in the Create Issues permission.

Reetam Das September 7, 2016

Matt Doar [ServiceRocket] Thank you so much. This was exactly it.

0 votes
Reetam Das September 7, 2016

Thanks All for the quick assistance. I checked the permission scheme and in a few of them, "create issue" permission was provided to the "reporter" which I believe gave everyone the permission to create issues in every available project through the "Create" button.

Removed it and now everything works just perfect.

Once again, big help. Thanks.
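The check the answers above describe, as an added example that is not part of the original thread: it scans permission-scheme data for Create Issues grants held by reporter, assignee, anyone, or one of the default groups named in the thread. The JSON shape (`permissionSchemes`, `permissions`, `holder.type`, `holder.parameter`) is an assumption modeled on Jira Cloud's permission scheme REST resource, and the sample data and scheme names are constructed.

```python
import json

# Holder types that are not tied to a project role or group; the thread found
# that "reporter" on Create Issues let every user create issues.
RISKY_HOLDER_TYPES = {"reporter", "assignee", "anyone"}
# Default groups that users get from application access (names from the thread).
BROAD_GROUPS = {"jira-users", "jira-software-users", "jira-confluence-users"}

def audit_create_issues(schemes, broad_groups=BROAD_GROUPS):
    """Return (scheme name, holder type, parameter, reason) per risky grant."""
    findings = []
    for scheme in schemes.get("permissionSchemes", []):
        for grant in scheme.get("permissions", []):
            if grant.get("permission") != "CREATE_ISSUES":
                continue  # only the Create Issues permission is audited here
            holder = grant.get("holder", {})
            htype, param = holder.get("type"), holder.get("parameter")
            if htype in RISKY_HOLDER_TYPES:
                reason = "holder is not restricted to a role or group"
            elif htype == "group" and param in broad_groups:
                reason = "group is assigned to users by default"
            else:
                continue  # e.g. a project role: the intended setup
            findings.append((scheme.get("name"), htype, param, reason))
    return findings

# Constructed sample input (assumed shape, hypothetical scheme names and ids).
SAMPLE = json.loads("""
{"permissionSchemes": [
  {"id": 10000, "name": "Default Permission Scheme", "permissions": [
    {"permission": "CREATE_ISSUES", "holder": {"type": "projectRole", "parameter": "10002"}},
    {"permission": "CREATE_ISSUES", "holder": {"type": "reporter"}},
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "group", "parameter": "jira-users"}}]},
  {"id": 10001, "name": "Team A Scheme", "permissions": [
    {"permission": "CREATE_ISSUES", "holder": {"type": "group", "parameter": "jira-software-users"}},
    {"permission": "CREATE_ISSUES", "holder": {"type": "projectRole", "parameter": "10002"}}]}
]}
""")

if __name__ == "__main__":
    for name, htype, param, reason in audit_create_issues(SAMPLE):
        print(f"{name}: CREATE_ISSUES -> {htype} {param or ''} ({reason})")
```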

0 votes
tom1443 September 6, 2016

Go to the permission schemes page and go to the 'default permission scheme' (assuming that's the scheme you are using) and then under create issues ensure that the correct groups are there.

You can also check that the permissions are correct in individual projects by going to the project summary page and going to permissions.

0 votes
Lorenzo Bueno
Atlassian Team
September 6, 2016

Reetam, you can check within each project using Permission Helper: you select the user and it will show his permissions. If there is a group with such permission, you can check if the other users are in this group(s) as well.

I checked your instance but could not identify the root without an example, so can you test this procedure?

Also, in this document you can check better how the permissions work, just in case you still have doubts.

Managing project permissions

Please let me know if it helped! 

 

0 votes
Reetam Das September 6, 2016
0 votes
Lorenzo Bueno
Atlassian Team
September 6, 2016

Hello Reetam,

Would you mind giving me the address to your instance so I can try to reproduce on mine and see if it's a possible bug?

Best Regards.
