Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,557,316
Community Members
 
Community Events
184
Community Groups

Announcement: Restrictions on usage of issue-level grants with Project permissions

Aug 16, 2022

G’day Atlassian community!

To improve security in Jira, we’re restricting using issue-level grants with project permissions. Let’s go through these changes in detail.

Context

First, let’s define issue-level grants and project permissions. Issue-level grants are

  • current assignee

  • reporter

  • user custom field value

  • group custom field value

Project permissions are the permissions that operate at the project level. They are listed under the “Project permissions” category on Jira’s permission scheme page (eg: Administer Projects, Browse Projects).

Why it is changing?

Currently, it is possible to associate the above issue-level grants to project permissions. For example, one can grant the “Administer Projects” permission to a “reporter”. However, this can open up the project to users to whom it should not be visible. Someone who temporarily becomes a reporter, current assignee, etc. can get access to restricted projects/ issues within Jira during that time period. JRACLOUD-71397 and JRACLOUD-74768 describe the problem in more detail.

Going forward, to avoid such conditions and make Jira more secure, we won’t allow associating the issue-level grants to project permissions.

What is changing in Jira?

You will notice changes to Jira’s permissions scheme page. Any of the project permissions cannot be granted to a reporter, current assignee, user custom field value, and group custom field value. So while giving project permission either by clicking on “Grant permission” or via the “Edit” button associated with any Project permission, those issue-level grants will not appear.

Thus it is recommended to avoid using issue-level grants with project permissions.

When it will reach me?

We will roll out this change to all of our customers in phases, over the next few weeks. Since this change involves a deprecation, we strongly recommend and urge all customers to plan for and adopt the above changes. Meanwhile, we welcome feedback from you.

Show me the changes!

Here are some screenshots of the Grant permission modal on the permission schemes page that indicate the changes mentioned above

Old behavior: Issue-level grants could be associated with project permissions
Screenshot 2021-08-31 at 11.20.45 PM.png
New behavior: Issue-level grants cannot be associated with project permissions
Screenshot 2021-08-31 at 10.40.14 PM.png

Thank you in advance for working through these changes and for your continued support.

Please reach out to us in case of any concern by commenting on this post.

Best,

Varad Pingale

Jira PM

Comment
Watch
Like # people like this
926 views

4 comments

G subramanyam
G subramanyam
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 20, 2022

Thank you @Varad Pingale for the updates and announcement. It surely takes time for me to sync with the changes.

Like
Yatish Madhav
Yatish Madhav Jan 26, 2023

Hey - Looks like the 71397 issue has been deleted or made inaccessible to us? Thank you

Like Linh HOANG likes this
Linh HOANG
Linh HOANG
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
Mar 20, 2023

any updates on this article? I still see "Issue-level grants can be associated with project permissions" on my Jira instance.

also the https://jira.atlassian.com/browse/JRACLOUD-71397 is not accessible anymore.

Like
Yatish Madhav
Yatish Madhav Mar 22, 2023

Any update, please?

Like

Comment

Log in or Sign up to comment
Varad Pingale

Varad Pingale

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

16 total posts

View profile
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

See all events