Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to retrieve list of permissions for a particular group using scriptrunner?

Dear @Alexey Matveev _cPrime_,

Is there a way I can retrieve the entire list of permissions (type of permissions) for a particular jira group in scriptrunner / or using any type of jql function or any groovy script that I can use from you.

Please let me.

Thank you.

1 answer

1 accepted

1 vote
Answer accepted

You can use a script like this:

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.scheme.Scheme
import com.atlassian.jira.project.Project

String groupName = "group name" 

def a = ComponentAccessor.getProjectManager().getProjectObjects().each{ project ->
ComponentAccessor.getPermissionSchemeManager().getSchemeFor((Project)project).each { scheme ->
((Scheme) scheme).getEntities().each { entity ->
if (groupName.equals(entity.getParameter()))
log.error("project: " + ((Project)project).getKey() + " permission: " + entity.getEntityTypeId() )
}
}
}

It will show you all permissions in all projects for a group

@Alexey Matveev _cPrime_ Thank you very much, but I have an issue I ran it in the script console and I got the list of projects and there is no permissions shown in the result window. Am I doing it wrong?

could you provide a screeshot with the list of projects? Just one line. I do not need all the lines.

Yes, you are calling the script the right way. The output must be on the Log tab, but the tab is empty.

The script will only show permissions, if the group directly is set in the project permission scheme. You you set a group for a role and then added to the role to the project permission scheme, then such a permission will not be shown for the group. Or if you set a custom group picker field for a permission and set the group as a value for the group picker, you also will not be able to see the group. If you need such cases, then I need to modify the script.

@Alexey Matveev _cPrime_ I think I have the use case where I was asked to map the list of permissions a group has, and recently jira and confluence both user groups are not local configured jira groups and are moved/synced with active directory now, so I need to test the permissions schemes mapped to the synced AD groups.

I modified the script. Now it will show all permissions where the group granted a permission through a role.

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.scheme.Scheme
import com.atlassian.jira.project.Project
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.util.ErrorCollection
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.security.roles.ProjectRoleActors

String groupName = "group name"

def projectRoleService =ComponentAccessor.getComponent(ProjectRoleService);
ErrorCollection errorCollection

def a = ComponentAccessor.getProjectManager().getProjectObjects().each{ project ->
ComponentAccessor.getPermissionSchemeManager().getSchemeFor((Project)project).each { scheme ->
((Scheme) scheme).getEntities().each { entity ->
if (groupName.equals(entity.getParameter()) && "group".equals(entity.getType())) {
log.error("project: " + ((Project)project).getKey() + " permission: " + entity.getEntityTypeId() )
}
if ("projectrole".equals(entity.getType())) {
ProjectRole projectRole = projectRoleService.getProjectRole(Long.valueOf(entity.getParameter()), errorCollection)
projectRoleService.getProjectRoleActors(projectRole, project, errorCollection).each{ actors ->
((ProjectRoleActors) actors).getRoleActors().each{actor ->
if (groupName.equals(actor.getParameter()))
log.error("project: " + ((Project)project).getKey() + " permission: " + entity.getEntityTypeId())
}
}
}
}
}
}

Are you sure that the group is called like this? All letters in the upper case?

Oh let me try another group, but you know I tried a different group i see errors

These errors are actually the permissions for the group)

You can see the whole list in the attlassian-jira.log

Thank you very much @Alexey Matveev _cPrime_. I really appreciate your help.

@Alexey Matveev _cPrime_ I am looking for script to show particular JIRA users over all projects and come over to your script.

Sorry that I am not expert in programming. I am a system admin. May I know what kind of script above sample is? Is it JAVA?

Can we use simple script like PowerShell to achieve same purpose?

@Mark

This script can be run in the Adaptivist ScriptRunner plugin.

@ALE

 

how about a script to show user permission and clone that to a new user(s)?

 

Is it possible?

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you