I want certain users to be able to link issues across projects but I need to control this i.e. only to selected projects. So I added these users to a project role and removed the "Browse Projects" and "Link Issues" permissions from that role in a target-project. Now, when a member of this project role tries to link an issue to another issue in that target-project, he cannot "see" the target-project or specifiy it in a JQL statement, so far, so good! However, if he enters the Key-ID of an issue in the target project, the link will be created. Not good at all!
Furthermore, something strange happens, this link is not displayed in the issue screen as usual. However, I checked the activity protocol and can see that the value of the "Links" field has been changed and now contains the key specified i.e. the key of the issue in the target-project. Even more strange, if I grant the project role "Browse Projects" in the target-project again, then the link is displayed in the issue screen in the original project as normal.
So it seems to be that you can create a link to an issue in another projects regardless of whether or not you have "Browse project" or "Link Issues" permission for that project, however JIRA will not show the link in the usual way.
I really can't think of a good reason to allow a user to create a link by providing the issue key but yet hide that link. To me, he should not be allowed to create the link to a project for which he does not have Browse Project or Link Issues permission in the first place. Why allow the link to be made and yet hide it?
Instead, it seems as if the permission "Link issue" only applies to issues when they are in the current project being edited and not when they are the target of a link.
Browse Projects seems to be prevent looking into a project but if you have an issue key, you can get around it.
Is this a bug in JIRA?
Hi John,
I tested this and I see the same behavior you do in the latest version where I'm able to create the link using the ID.
I created a bug that you can find at JRASERVER-65821. Please vote on the issue to add impact and add any comments you would like to the ticket. Once you do that you'll be notified directly of any changes to the ticket.
Cheers,
Branden
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.