I want some Jira users to be allowed to "read" Jira tickets, but not create or edit them. I followed the guidelines here: https://confluence.atlassian.com/jirakb/jira-cloud-how-to-create-a-read-only-user-779160729.html
However, it seems the permission are still not set properly. The users still have all the permissions. Can someone help?
This is driven by the Permission Scheme for the project you want them to have RO access to. Edit the Permission Scheme, and ensure that the user/role/group that they are in only has access to the Browse Project permission, and no others.
Then you will also need to ensure the user isn't a member of any other groups or roles on the project that would give them access to any other permissions.
I have 3 permission schemes
1- default permission scheme
2- default software scheme
The Jira project that we are working on is assigned to this permission scheme
3- read only permision scheme
I want my read only accounts to use this permission scheme to access the Jira project in read only mode.
I created a project role and I named it "read only"
I created groups named xxx_read_only_users.
I assigned some jira acount under xxx_read_only_users.
Do I need to edit the default software scheme (2) or the read only permission scheme (3)?
Please note that in the default software scheme, the "create issues" permission is granted to:
- Application access: "any logged in user"
- project role" atlassian addons project access"
The "browse projects" permission is granted to
- Application access: "any logged in user"
- project role" atlassian addons project access"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
A project can only use one Permission Scheme. So you don't really need the Read Only one. You can edit the default software scheme.
Make sure that the new "read only" project role is only assigned the Browse Projects permission in the scheme.
And review all the other permissions, to make sure that 'any logged in user" isn't granted other permissions.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Actually it does not work yet...
For the "create issues" permission, I did the following:
- I removed "application access: any logged in user"
- I added a "read write" project role
- I assigned some groups as default members of the "read write" project role
As part of a member of a group that is part of the "read write" project role, I was expecting that I would be able to create issues, but I am not. I dont have the permission for an unknown reason. However, when I add the "any logged in use", I am now able to create issues.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can use the Permission Helper to see if you can determine why this is not working for you. Go to Admin > Settings > System > Permission Helper.
This allows you to enter a username, issue key and permission, and will tell you why that permission is not available for the specified user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.