JIRA Users without resolve permission can resolve issues

Hi,

I just discovered a strange situation:

I have a project role called "Observers". This is ment for a kind of restricted users, and they are allowed to also add comments and assign issues.

Their group has only the global permission "JIRA Users", so that they can login. Their Project Role (Observers) is in the permission scheme at:

  • Browse Projects,
  • Assign Issues,
  • View Read-Only Workflow,
  • View Voters and Watchers,
  • Add Comments,
  • Edit Own Comments.

Strangely enough, I tested it with that user, and I was able to resolve issues, close, start progress... in other words do workflow transitions where there were no conditions on project roles or groups.

How can I restrict these users from making workflow transitions without having to put conditions on every transition? And how would I even say that any Project Role may, except the Observers?

Many thanks,

Loredana

2 answers

This widget could not be displayed.

If I'm correct, the problem is in the workflows. Those resolve and close permissions work if in your workflow you specify that only the users with that permission can execute the transition. Check your workflow Conditions and Validators.

I know putting conditions on all transitions can be very tedious, but I you really want the restriction for some users this has to be done :D

Hope this helps.

But I want these users to not be able to make any trasitions at all, that means I have to put the conditons at every transistion that user should be in the other 6 roles, except the observers ? That's more than tedious.

I don't understand why I have to specify again that only users having that permission in the permission scheme can resolve and close, since that scheme is assigned to the project...it's redundant. I thought that the permission scheme is the first filter, and then I can make more restrictions in the workflow conditions. And the permission scheme only has resolve and close, I need to restrict all transitions.

Any other ideas? Thx!

It's easier than it seems. In the moment you create a new workflow you can name the status and transitions with whatever name you like and in that way it's impossible for JIRA to know if in a transition it should check what permission. Unless you indicate what permission should check for that transition.

You can do this: Assign the resolve issue permission to all the roles you want to be able to resolve. And then in the transition indicate a Condition for resolve issue permission. That way the role that doesn't have this permission in the scheme won't be able to fire the transition.

Thank you Ramiro. I can use that resolve permission at every transistion, true. It's just a bit of work now, since we have quite a few workflows to edit.

This widget could not be displayed.
Mizan Community Champion Nov 17, 2013

Can this user do a transition where the resolution of the issue is set ? Also check if the user is in the group which has resolve issue project permission

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Aug 06, 2018 in Jira Service Desk

A is for Activate: Share your top Jira Service Desk onboarding tips for new users!

Hi, everyone! Molly here from the Jira Service Desk Product Marketing Team :).  In the spirit of this month's  august-challenge, we're sourcing stories of Jira Service Desk activation fro...

578 views 25 15
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you