How can I give permission to a user on "Create attachements" but without "Browse project" permission?

How can I give permission to a user on "Create attachements" but without "Browse project" permission?

3 answers

Hi John, you can configure this in the Permission Scheme. But I don't get this since you need the user to be able to see the issue so he can add attachments to it.

I can give permission to create without to browse project permission and that work, but if I give "Create attachment" permission without "Browse project" permission, the first one doesnt work. I can not give "Browse project" permission to my clients, because we have a lot of internal information and We are not interesting about they can take it.

Exactly, because if they have create attachments permissions won't mean anything if they can't see the issue... If you want to give them the browse project permissions but you don't want them to see the issue you could use the issue security scheme, or create a project for those users.

Thks Ramiro. I gonna try with the issue security scheme, because I need the client only can create Bug issues (Bug, cause is for acceptance testing, and they only create issues of type Bug) and that when he is creating he can attach files.

The client doesnt need to browse the project or view the created issues, neither anything else.

You have to be able to see something before you can do anything with it. If you allow "attach" without "browse", then it's a bit like asking someone to play snooker, blindfolded (And not telling them where the table is).

You *must* grant browse to issues before the users can attach things or do anything else with it.

There is one exception - if you grant create (without browse), then a user can create an issue, and attach files, but once they've created it, they'll get a permissions error and not be able to get back to the issue ever again.

As Ramiro says, it would be well worth considering your security. One good model is what Atlassian do with their support issues - they have one big project for all the customers, but it's locked. If I raise issues there, you can't see them, and I can't see yours. Would that work for you? Customers raising issues that only that customer (and yourself) can see?

My problem is that when an user who can create issues, but can not browse the project, just in the moment he is creating an issue, he can not attach any file, and the application shows this message:

"Cannot attach file xxxxx.xx: Unknown server error (404)."

I need he can attach the file when he is creating issues, just then. He doesnt browse or review any issues.

Hmm. That's odd, it's not what I got last time I looked - I had a "permission denied after create" incident before Christmas, and there were attachments there (the reason it was a problem was that the user lost the attachments and wanted a copy from Jira, where we realised his profile was wrong).

Can you read the log file? Are there errors in there at the time of the 404?


Ramiro and Nic, Thks for helping.

I applied the Issue Scheme and works perfect to me.


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 29, 2018 in Jira

How to set up an incident workflow from the VP of Engineering at Sentry

Hey Atlassian community, I help lead engineering at Sentry, an open-source error-tracking and monitoring tool that integrates with Jira. We started using Jira Software Cloud internally last year, a...

1,108 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you