"Create" button in JIRA allows anyone to create issues in projects they don't have permissions to.

We're using the cloud version of JIRA and I have set permissions to only a select few role to create issues in each project (mostly I use roles to provide permission). 

Everything else otherwise works perfect; users can only browse projects they are added to. However, I just noticed that anyone is able to hit the "Create" button on the top nav and create issues in any of the project they want to. 

What am I doing wrong?

6 answers

1 accepted

This widget could not be displayed.

please verify that project role has no jira-users group

Within the different project roles I have created, I have added users who belong to jira-software-users & jira-confluence-users but I have not associated any of the role directly with user-groups (not even sure how to do that). Is this creating the problem?

If so, these JIRA groups are assigned by default to each user based on application access and these groups are also essential for managing global permissions. 

Any solutions?

Joe Pitt Community Champion Sep 06, 2016

Also make sure the permission scheme doesn't list jira-user or any other group with logon rights

And that the permission scheme does not have reporter or assignee in the Create Issues permission

Matt Doar [ServiceRocket] Thank you so much. This was exactly it.

This widget could not be displayed.

Hello Reetam,

Would you mind giving me the address to your instance so I can try to reproduce on mine and see if it's a possible bug?

Best Regards.

This widget could not be displayed.
This widget could not be displayed.

Reetam, you can check within each project using Permission Helper, you select the user and it will show his permissions, if there is a group with such permission you can check if the others users are on this group(s) as well.

I checked your instance but could not identify the root without an example, so can you test this procedure? 

Also on this document you can check better how the permissions works, just in case you still have doubts.

Managing project permissions

Please let me know if it helped! 


This widget could not be displayed.

Go to the permissions schemes page and go to the 'default permission scheme' (assuming that's the scheme you are using) and then under create issues ensure that the correct groups are there.


You can also check that the permission are correct in individual projects by going to the project summary page and going to permissions. 

This widget could not be displayed.

Thanks All for the quick assistance. I checked the permission scheme and in a few of them, "create issue" permission was provided to the "reporter" which I believe gave everyone the permission to create issues in every available project through the "Create" button.

Removed it and now everything works just perfect.

Once again, big help. Thanks.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

196 views 3 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you