How to retrieve users from a specific group with simple Jira automation rules

If you’re using Jira Service Management, you may find yourself searching for a quick way to find all users who belong to a specific group and apply automations in Jira. You always have an option to add users one by one right to the request for assignment, approvals, or simply as participants, but it may be too time-consuming. There is also a chance that the person you need is off work, and with group automation you have other people being able to pick up the request. Let’s have a look at a couple of usage scenarios and workarounds we’ve elaborated.

Scenario 1: security change approval

 

Though Jira was updated recently, with the feature to use Approval groups added, it still does not cover all user needs. So we came up with the following automation rule to help you use groups in automations faster and easier.

 

Imagine, you need to approve a security change with the Security group before it comes to CAB approval, or you want to receive approval from the Security group for the user requesting antivirus software. To be sure everything goes smoothly, you want to implement a smart approval process in Jira Service Management, and populate all members of a specific group (for example Security group) as approvers.

 

  1. To retrieve group members, send a call into Jira API using the automation web request action:

https://<your_domain>.atlassian.net/rest/api/3/group/member?groupname=<group_ name>

 Picture 11.png

You can find more details on web request authorization here, if you are interested.

 2. Put a response in a variable which can be later used within the automation rule:

 Picture 12.png

3. Now put the groupMembers variable into the Approvers field and:Picture 13.png

Scenario 2: group assignment

Your Jira Service Management requests are assigned to specific groups based on the nature of the request. There are no group assignments out of the box, so we usually use the Assignment group approach. And as soon as the request is assigned to a specific group you want to make sure that the assignee (which is a single-user field in Jira — the user who is responsible for the request) belongs to the Assignment group”\ set in the request.

 

  1. To retrieve all group members you have to send an API call:

 

https://<your_domain>.atlassian.net/rest/api/3/group/member?groupname={{issue.Assignment group}}

2. And then put a response in a variable:

 

members = {{webResponse.body.values.accountId.join("|")}}

 Picture 14.png

 As a result, you have a string variable filled with assignee IDs separated with "|"

 

Having that set, you now can easily check if {{members}} contains {{assigneeId}}

 Picture 15.png

As you’ve set all automation rules, you can now add an action. If your assignee is in the group, then do nothing, but if not, clear the assignee field and leave a comment, or notify someone for extra moderation of the request.

 

And that’s it.

 

Just curious - have you ever faced a challenge like this? If yes, what did you do? Please, share your stories in the comments, and let’s discuss.

5 comments

Andrey Kiyanovsky November 15, 2022

Hi Alex,

Thank you for the article. 

1. As I can see, the '/group/member' API request is a paginated request, and it's not handled in your example. So, there should be a cycle of REST API calls, interesting use case to implement. For the second scenario, we can use '/user/groups' call instead to avoid using a cycle.

2. I believe there is a typo with {{/}} at the end of the URL in the first screenshot.

Like # people like this
Alex Kiselev _Itransition_ November 30, 2022

Hi @Andrey Kiyanovsky

 

Thank you for the comment.

 

#1

Yes, you're right. These scenarios are for groups with up to 50 users. The approval groups as a rule don't contain many users. And this automation completely covers all our needs. But, sure if you have a large group you should use a cycle.

I will prepare the additional rule for building the list of approvers in a cycle.

You are right - for the second scenario, we can use '/user/groups' to find user groups and check if the list contains an Assignment group.

#2

Correct, it's a mistype while preparing pictures for the article.

 

Thank you!

Like # people like this
mb February 27, 2024

Thanks, this helped me a lot. Even though I use the displayName attribute to list the group's members because I cannot figure out how to e.g. mention all the users by their accountId.

And I used {{groupName.urlEncode}} because my group names have spaces etc. to make sure nothing goes wrong if there are special characters present in the group's name.

Harsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 4, 2024

HI @Alex Kiselev _Itransition_ 

After following the steps for scenario 1, the approvers value still did not get population even after the automation rule is success.

Any idea where things could go wrong, I even used LOG action to debug, up until variable name - {{groupMembers}} the log says values are getting fetched but when editing the Approvers it says NONE.

In my JSON load, I do not see accounId but I see "name"(which hold the ID) and 'emailAddress'. WHen I use Email address - i get the following error - Could not find usernames:, error editing the issue.

Is it possible to somehow do with these? 

@mb any suggestion on the above?

Alex Kiselev _Itransition_ March 4, 2024

Hi @Harsh ,

As mentioned in comments above there is a typo with {{/}} at the end of the URL in the first screenshot.

So when you receive the response of the https://<your_domain>.atlassian.net/rest/api/3/group/member?groupname=<group_ name> (you can try URL in browser) - it should be the list of accounts. In case there a couple of accounts (we don't need pagination) - they could be placed into variable as it shown on screenshot 2.

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events