Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to find what Projects a Group has access too (based on Roles) in CLOUD?

Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 25, 2024

Wow, got some good suggestions to my Question as I was typing it, but alas, I need a solution for Cloud:

Back in 2018, Michael asked:

I would like to pull a list of all project roles where the "staff" group is located and add the "Employees" group into the role as well. Where do I even start? I'm hoping for a groovy solution to run in Script Console.

That's exactly what I want to do, except... I'm on Cloud. So the awesome solution that @Ivan Tovbin gave will very likely not work, since I won't have access to the various internals that you have with on-prem Jira.

Whilst we were still on Server (which is when I should have made this change), I found this great article, which tells you how to Find All Projects with a Specific Project Role.

I was able to hack it to just print out matches for the particular Group I was looking for:

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.roles.ProjectRole;
import com.atlassian.jira.security.roles.ProjectRoleActors;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.atlassian.jira.security.roles.RoleActor;

def roleName = "Roku"

StringBuilder output = new StringBuilder();
ProjectManager projectManager = ComponentAccessor.getProjectManager();
ProjectRoleManager projectRoleManager = (ProjectRoleManager) ComponentAccessor.getComponentOfType(ProjectRoleManager.class);

//gets all project roles
def projectRoles = projectRoleManager.getProjectRoles()

//for each project
for(Project project : projectManager.getProjectObjects())

{   //and each project role
    for(ProjectRole projectRole: projectRoles)
    { 
        if(projectRole.getName() == roleName){
            //see if that project uses the project role
            def ProjectRoleActors projectRoleActors = projectRoleManager.getProjectRoleActors(projectRole, project)
            for (RoleActor actor : projectRoleActors.getRoleActors()) {
                if(actor.getDescriptor() == 'Roku Users')
                    output.append(project.getKey()).append("\n")
                }
        }
    }
}

return output.toString();

BUT, yeah, now I'm on Cloud, so that's not gonna work.

So one of the other suggestions I got was: How to identify group usage in Jira Cloud?, where @Angélica Luz points to this ticket: JRACLOUD-71967 - Group usage - List of project permission per group 

Basically, Cloud lost the functionality that was on Server/DC, to see all the Permissions (and Notifications, and Issue Security) Schemes that a Group has, like this:

Screenshot 2024-07-25 at 10.31.17 PM.png

BUT ACTUALLY, because I folllow best practices (like @Jimmy Seddon's here) I don't put Groups in Permission Schemes? I put them in Roles.

But Atlassian has not seen fit to show Groups that are in Project Roles. There's probably a ticket for that too.

I GUESS I could iterate through EVERY project in Jira using ACLI and do:

acli -a getProjectRoleActorList --project SAM --role Roku --select "Group: Roku Users"

But man, that's ugly.

Any other ideas?

Answer
Watch
Like # people like this
571 views

1 answer

1 vote
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 25, 2024

Ugh, yeah, ok so with 799 projects, this is gonna take a while, but it seems to be working:

acli -a runFromProjectList --common "-a getProjectRoleActorList --project \"@project@\" --role \"Roku\" --select \"5:Roku Users\" --file roku-user-roles.txt --append"

Credit to @Michael Kuhl {Appfire} for the showing me that runFromProjectList without any other args will apply to ALL projects, and oh, he was answering a very similar question:

Keen observers will note I had to change my --select parameter from "Group" to "5". That was because of this error:

Client error: Columns must be specified by number when append is also specified. ACLI-185 has more details on this permanent restriction.

Michael can you tell me more about ACLI-185? I can't find it. :-}

View More Comments
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 25, 2024

ARGH. Gotta love having to brute force the REST API and then getting blocked:

Client error: Invalid request: java.net.SocketException: Operation timed out

Client error: 1 actions failed, 253 actions were successful

Looks like I'm gonna have to break my list of Projects into chunks. *SIGH*.

Maybe I can come up with a SQL query to ask Support to run for me. Some combination of these two:

Heck, maybe if they're doing that they can also do the bulk add to Project Role for all the projects my query finds?

Like # people like this
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 26, 2024

Welp, I'm resorting  to just doing it manually. Here's my process:

acli -a getProjectList --file projectlist.txt

You then need to edit projectlist.txt and change the header field "Key" to "project" and then run:

acli -a runFromCSV --file projectlist.txt --common "-a getProjectRoleActorList --role \"Roku\" --select \"5:Roku Users\" --file roku-user-roles.txt --append"

And then you let it go, until it inevitably fails. :-{

Run: --project "DSACMD" -a getProjectRoleActorList --role "Roku" --select "5:Roku Users" --file roku-user-roles.txt --append

Client error: Invalid request: java.net.SocketException: Operation timed out

Client error: 1 actions failed, 57 actions were successful from file: /Users/darryllee/Library/CloudStorage/OneDrive-RokuInc/roku/jira-users-cleanup/projectlist.txt

YOU then edit projectlist.txt to remove all the projects after the header row up to the project that it failed on (in my case "DSACMD").

Then you run it again:

acli -a runFromCSV --file projectlist.txt --common "-a getProjectRoleActorList --role \"Roku\" --select \"5:Roku Users\" --file roku-user-roles.txt --append"

Rinse. Repeat. *Sigh*.

PRO-TIP: If you use ACLI Shell you can easily hit the up-arrow key to bring up the last command and re-run it (after you edit the projectlist.txt to remove projects that have already been checked).

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events