JIRA default comment visibility via ScriptRunner Behaviors

For a long time now, I've used the following behaviors initializer script to enforce a default comment visibility level of an 'Internal' project role (with role ID 11400) on new comments by internal employees:

import com.atlassian.jira.component.ComponentAccessor
import com.onresolve.jira.groovy.user.FormField

def userInternal = ComponentAccessor.jiraAuthenticationContext.getLoggedInUser()
def groupsInternal = ComponentAccessor.userUtil.getGroupNamesForUser(userInternal.name)

FormField commentSec = getFieldById("commentLevel")

if (groupsInternal.contains("Internal Users")) 

It's worked pretty well through several JIRA updates, with a few quirks, but was good enough to satisfy security concerns around discussions on issues.

Something must've changed in the JIRA 7.3.x family of updates, but this script now fails to work when loading the comment box at the bottom of the issue detail page. Comments left on modals (edit issue, transition issue, etc) still process the behavior correctly, but for whatever reason, the most comment place comments are left have stopped running the script.

Is there a change I need to make to the behavior to support something different about this particular instance of the comment editor, or am I out of luck? A solution that requires editing JIRA source code isn't an option, so it's either making ScriptRunner work again, or considering the third-party add-on that manages comment security defaults instead.

Thanks all.

4 answers

If it doesn't work in 7.3 it's a bug, which means possibly we're missing a functional test.

I'll ask someone to take a look and get back to you. We may need you to create an issue at https://productsupport.adaptavist.com/servicedesk/customer/portal/2 so we can trace it through the system properly.

We'll get back to you.

Hi Joshua, 

May I ask which version of the ScriptRunner you use ?

regards, Thanos

@Thanos Batagiannis [Adaptavist] - Sure, I'm running SR 4.3.19 with both JIRA core and JIRA Software on 7.3.2.

Can definitely confirm that this is only happening on the comment box directly on the bottom of a regular issue details page (/browse/ABC-1234).

@Joshua DeClerckDid you get an answer on this? I'd like to do the same thing and mine isn't working and isn't giving me an error either.

@Jon Schewe - It eventually became a ticket in their support system and has been marked fixed as of v5.3 of ScriptRunner. You may be able to review the ticket history here:


I haven't confirmed the fix, though, since I don't use that script anymore. The importance of having something that worked pushed us to buy a commercial add-on that, to be honest, does a more thorough job anyway ('Comment Security Default').

Hate to be yet another buy-more-addons (oh crap, sorry, they're apps now) comment, but it's Jira after all.

Please could you create an issue at https://productsupport.adaptavist.com/servicedesk/customer/portal/2 - then we'll make sure we trace this through to completion, as Answers only has a couple of days left.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

156 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you