Jira permissions based on Group Custom Field value?

Andrew Culver
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2013

I have a user "pirate" which is a member of a group "Pillaging and Looting (unit head)".

My permission scheme grants browsing permissions to:

  • Group Custom Field Value (Cc Groups), and
  • Group Custom Field Value (Budget Unit)

The Cc Groups field is a Multi Group Picker custom field and the Budget Unit field is a Select List custom field, with the group name copied exactly as one of the select list options.

If I add the "Pillaging and Looting (unit head)" group to the Cc Groups group picker, the "pirate" user is able to see the issue when browsing the project and can view the issue. However, if I select "Pillaging and Looting (unit head)" in the Budget Unit group, the "pirate" user is not able to see the issue when browsing the project, BUT can still see the issue if he searches for the issue key.

Why is the "Budget Unit" Select List not allowing pirate to browse the issue, but the "Cc Groups" Multi Group Picker is allowing pirate to browse?

Furthermore, there is a workflow action which has a condition: Only users in group(s) specified by custom field Budget Unit can execute this transition.

This condition DOES allow "pirate" to perform the workflow action, so the "Select List" custom field seemingly DOES work for granting group permissions based on value, and the value of the list option correctly matches the group name. So it works for workflow conditions, but not permission schemes.

2 answers

1 accepted

3 votes
Answer accepted
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2013

It is just the difference in implementation. Permission schemes, notification schemes etc won't take group values from select lists. The custom field has to be of group picker.

Why are you using the select list instead of group picker? If you must use that, have you considered copying the value of the field to a group picker field in a workflow transition or something?

Andrew Culver
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2013

Thanks. I'll try copying the value.

I'm using group picker because I only want users to be able to select from a subset of the groups which represent budget units in our organization. I also want them to be able to just click and see a dropdown list of the options, rather than searching with the group picker.

Andrew

Andrew Culver
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2013

Hi Jobin,

I found this: https://jira.atlassian.com/browse/JRA-12865

which seems to suggest what I'm doing should work?

Andrew Culver
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2013

Ah, just also found this, which seems to be a regression:

https://jira.atlassian.com/browse/JRA-29196

You're right.

Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2013

Hmm.. interesting. But seems it is not working for you? Maybe you want to check with support? Could be a bug.

2 votes
Tobias Heinemann July 23, 2013

Yes, this is a regression - see https://jira.atlassian.com/browse/JRA-29196

You might want to use one of the workarounds mentioned in that issue.

Suggest an answer

Log in or Sign up to answer