JIRA Users without resolve permission can resolve issues


I just discovered a strange situation:

I have a project role called "Observers". This is ment for a kind of restricted users, and they are allowed to also add comments and assign issues.

Their group has only the global permission "JIRA Users", so that they can login. Their Project Role (Observers) is in the permission scheme at:

  • Browse Projects,
  • Assign Issues,
  • View Read-Only Workflow,
  • View Voters and Watchers,
  • Add Comments,
  • Edit Own Comments.

Strangely enough, I tested it with that user, and I was able to resolve issues, close, start progress... in other words do workflow transitions where there were no conditions on project roles or groups.

How can I restrict these users from making workflow transitions without having to put conditions on every transition? And how would I even say that any Project Role may, except the Observers?

Many thanks,


2 answers

If I'm correct, the problem is in the workflows. Those resolve and close permissions work if in your workflow you specify that only the users with that permission can execute the transition. Check your workflow Conditions and Validators.

I know putting conditions on all transitions can be very tedious, but I you really want the restriction for some users this has to be done :D

Hope this helps.

But I want these users to not be able to make any trasitions at all, that means I have to put the conditons at every transistion that user should be in the other 6 roles, except the observers ? That's more than tedious.

I don't understand why I have to specify again that only users having that permission in the permission scheme can resolve and close, since that scheme is assigned to the project...it's redundant. I thought that the permission scheme is the first filter, and then I can make more restrictions in the workflow conditions. And the permission scheme only has resolve and close, I need to restrict all transitions.

Any other ideas? Thx!

It's easier than it seems. In the moment you create a new workflow you can name the status and transitions with whatever name you like and in that way it's impossible for JIRA to know if in a transition it should check what permission. Unless you indicate what permission should check for that transition.

You can do this: Assign the resolve issue permission to all the roles you want to be able to resolve. And then in the transition indicate a Condition for resolve issue permission. That way the role that doesn't have this permission in the scheme won't be able to fire the transition.

Thank you Ramiro. I can use that resolve permission at every transistion, true. It's just a bit of work now, since we have quite a few workflows to edit.

Can this user do a transition where the resolution of the issue is set ? Also check if the user is in the group which has resolve issue project permission

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,124 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you