I can give permission to create without to browse project permission and that work, but if I give "Create attachment" permission without "Browse project" permission, the first one doesnt work. I can not give "Browse project" permission to my clients, because we have a lot of internal information and We are not interesting about they can take it.
Exactly, because if they have create attachments permissions won't mean anything if they can't see the issue... If you want to give them the browse project permissions but you don't want them to see the issue you could use the issue security scheme, or create a project for those users.
Thks Ramiro. I gonna try with the issue security scheme, because I need the client only can create Bug issues (Bug, cause is for acceptance testing, and they only create issues of type Bug) and that when he is creating he can attach files.
The client doesnt need to browse the project or view the created issues, neither anything else.
You have to be able to see something before you can do anything with it. If you allow "attach" without "browse", then it's a bit like asking someone to play snooker, blindfolded (And not telling them where the table is).
You *must* grant browse to issues before the users can attach things or do anything else with it.
There is one exception - if you grant create (without browse), then a user can create an issue, and attach files, but once they've created it, they'll get a permissions error and not be able to get back to the issue ever again.
As Ramiro says, it would be well worth considering your security. One good model is what Atlassian do with their support issues - they have one big project for all the customers, but it's locked. If I raise issues there, you can't see them, and I can't see yours. Would that work for you? Customers raising issues that only that customer (and yourself) can see?
My problem is that when an user who can create issues, but can not browse the project, just in the moment he is creating an issue, he can not attach any file, and the application shows this message:
"Cannot attach file xxxxx.xx: Unknown server error (404)."
I need he can attach the file when he is creating issues, just then. He doesnt browse or review any issues.
Hmm. That's odd, it's not what I got last time I looked - I had a "permission denied after create" incident before Christmas, and there were attachments there (the reason it was a problem was that the user lost the attachments and wanted a copy from Jira, where we realised his profile was wrong).
Can you read the log file? Are there errors in there at the time of the 404?
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot