"Create" button in JIRA allows anyone to create issues in projects they don't have permissions to.

We're using the cloud version of JIRA and I have set permissions to only a select few role to create issues in each project (mostly I use roles to provide permission). 

Everything else otherwise works perfect; users can only browse projects they are added to. However, I just noticed that anyone is able to hit the "Create" button on the top nav and create issues in any of the project they want to. 

What am I doing wrong?

6 answers

1 accepted

please verify that project role has no jira-users group

Within the different project roles I have created, I have added users who belong to jira-software-users & jira-confluence-users but I have not associated any of the role directly with user-groups (not even sure how to do that). Is this creating the problem?

If so, these JIRA groups are assigned by default to each user based on application access and these groups are also essential for managing global permissions. 

Any solutions?

Joe Pitt Community Champion Sep 06, 2016

Also make sure the permission scheme doesn't list jira-user or any other group with logon rights

And that the permission scheme does not have reporter or assignee in the Create Issues permission

Matt Doar [ServiceRocket] Thank you so much. This was exactly it.

0 vote

Hello Reetam,

Would you mind giving me the address to your instance so I can try to reproduce on mine and see if it's a possible bug?

Best Regards.

0 vote

Reetam, you can check within each project using Permission Helper, you select the user and it will show his permissions, if there is a group with such permission you can check if the others users are on this group(s) as well.

I checked your instance but could not identify the root without an example, so can you test this procedure? 

Also on this document you can check better how the permissions works, just in case you still have doubts.

Managing project permissions

Please let me know if it helped! 

 

Go to the permissions schemes page and go to the 'default permission scheme' (assuming that's the scheme you are using) and then under create issues ensure that the correct groups are there.

 

You can also check that the permission are correct in individual projects by going to the project summary page and going to permissions. 

Thanks All for the quick assistance. I checked the permission scheme and in a few of them, "create issue" permission was provided to the "reporter" which I believe gave everyone the permission to create issues in every available project through the "Create" button.

Removed it and now everything works just perfect.

Once again, big help. Thanks.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Asked 4 hours ago in Confluence

What are the resources that you use to learn more about Atlassian Products?

I am gathering information about resources available for Atlassian product knowledge transferring for a presentation in our local Atlassian User Group. I want to group them in four categories From ...

36 views 3 3
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you