How can I give permission to a user on "Create attachements" but without "Browse project" permission?

John Diaz April 23, 2013

How can I give permission to a user on "Create attachements" but without "Browse project" permission?

3 answers

1 vote
Ramiro Pointis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 23, 2013

Hi John, you can configure this in the Permission Scheme. But I don't get this since you need the user to be able to see the issue so he can add attachments to it.

John Diaz April 23, 2013

I can give permission to create without to browse project permission and that work, but if I give "Create attachment" permission without "Browse project" permission, the first one doesnt work. I can not give "Browse project" permission to my clients, because we have a lot of internal information and We are not interesting about they can take it.

Ramiro Pointis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 23, 2013

Exactly, because if they have create attachments permissions won't mean anything if they can't see the issue... If you want to give them the browse project permissions but you don't want them to see the issue you could use the issue security scheme, or create a project for those users.

John Diaz April 23, 2013

Thks Ramiro. I gonna try with the issue security scheme, because I need the client only can create Bug issues (Bug, cause is for acceptance testing, and they only create issues of type Bug) and that when he is creating he can attach files.

The client doesnt need to browse the project or view the created issues, neither anything else.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 23, 2013

You have to be able to see something before you can do anything with it. If you allow "attach" without "browse", then it's a bit like asking someone to play snooker, blindfolded (And not telling them where the table is).

You *must* grant browse to issues before the users can attach things or do anything else with it.

There is one exception - if you grant create (without browse), then a user can create an issue, and attach files, but once they've created it, they'll get a permissions error and not be able to get back to the issue ever again.

As Ramiro says, it would be well worth considering your security. One good model is what Atlassian do with their support issues - they have one big project for all the customers, but it's locked. If I raise issues there, you can't see them, and I can't see yours. Would that work for you? Customers raising issues that only that customer (and yourself) can see?

0 votes
John Diaz May 13, 2013

Hello.

Ramiro and Nic, Thks for helping.

I applied the Issue Scheme and works perfect to me.

Bye.

0 votes
John Diaz April 23, 2013

My problem is that when an user who can create issues, but can not browse the project, just in the moment he is creating an issue, he can not attach any file, and the application shows this message:

"Cannot attach file xxxxx.xx: Unknown server error (404)."

I need he can attach the file when he is creating issues, just then. He doesnt browse or review any issues.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 23, 2013

Hmm. That's odd, it's not what I got last time I looked - I had a "permission denied after create" incident before Christmas, and there were attachments there (the reason it was a problem was that the user lost the attachments and wanted a copy from Jira, where we realised his profile was wrong).

Can you read the log file? Are there errors in there at the time of the 404?

Suggest an answer

Log in or Sign up to answer