Changing Permission Scheme of a Project after the first issue is created


Because of the flexibility provided in jira, it can be used for many other scenarios apart from issue tracking.

We have one scenario of having a project portfolio details in JIRA. There will be multiple projects. The project lead will create a new issue inside a project which will consist of project details. Based on the issue created different reports are produced. Here we are not tracking any bugs or issues inside projects. This is purely being used as a project management system here.

The main problem here is that, the user should not be able to create 2nd issue in the project once the first issue is created. This for the reason that a project can consist of only 1 project details issue.

One option I am trying is, I have created 2 permissions schemes

1st Permission Scheme : User have create issue permission

2nd Permission Scheme : User does not have create issue permission

Now when the user creates first issue in the project, I am running a script on the "Create" post funtion in a workflow which will change the permission shceme to the 2nd one. Here user does not have create issue permission and hence he will not be able to create any issue inside that project again.

Now When I create the first issue in the project, as per the logic written in the workflow, the issue should be created and the permission scheme should get changed to the 2nd permission scheme.

Issue is getting created, even the permission scheme is getting changed, however as soon as the user presses create button he gets an error stating "You do not have permission to create issue in this project". Though, the issue gets created internally. I can understand that this is happening due to the change in the permission scheme, but the permission sheme is being changed after the issue is getting created, then why this error is being shown to the user.

Is there any other alternative I can try to achieve the same?

Please find the attached files.

2 answers

1 accepted

You've choosen really complex approach. The better way is to remove the postfunction and create a script validator (or create a plugin with validator module). Inside the validator search for the issue of specific issue type in the selected project and throw specific exception if the issue exist (with proper message). So your permission scheme will be unchanged and you will use proper way to omit creation (never make desisions on creation during creation itself)

Hi Alexey,

Thank you for the quick reply.

What I observed with script validator is, it will show message after we click on the create button. We have a huge form to fill up before they create the issue, the user might end up filling up entire form and then realise at the end that he cannot create this issue.

For better user friendliness, we were trying this approach. If there is no other way, then will go with script validator only.

I would advice to develop the custom field that will be shown on the top of the form - and if there is issue with that issue type exist it should be rendered with big red message "You cannot create tickets of that issue type inside this project" - something like message field but with condition.

Hmm..This seems a better approach. Will try this for sure.

Thank you Alexey.

1 vote

Another approach...

Create a new role for the project called something like "can create".

Change the permission scheme so that only users in that role in the project can create an issue.

You'll need to load all your users into the role initially, and when you get new ones, or someone does need to create a new issues (I'm assuming this is a business process of some sort)

Finally, all your post function script needs to do now is remove the current user from that role after they create the issue. Once removed, they'll lose all "create issue" rights in that project, and it's all within Jira's standard working structures!

Hi Nic,

Thank you for the reply.

So here the user will be usually the project lead. Once the project lead creates one issue in the project, the project should not have create issue permission for anyone.

Even If I use this approach, the project will have the problem I defined in the post, that there will be an error message showing to the user that "You do not have permission to create issue in the project".

Hi Nic, that will not work as the permission set is being changed during creation - so even if you remove the user from the role instead of removing the group / role from permission - the ticket cannot be created due to the final check after all postfunctions were executed

Ah, good point. I should have used a listener to remove the user from the role.

I know it's worked in the past because I've done something very similar (it was for requesting access to systems and people were annoyed by repeated pointless duplicated requests), I just forgot that a post-function won't work.

You won't get the "can't create" message either - once the user has created one issue, they're removed from the role that lets them create, which means Jira's permission system kicks in, and they will no longer be offered "create" links for that project anywhere. The only time I think you'd see the permission error from then on is if they use a direct url to try to create, or after they create the first issue, they use "create another" and it remembers the project. I don't think you can stop either of those.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,234 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you