Jira security/error/permissions logs

Tamar Christina August 7, 2012

I am trying to figure out why a user is getting

"It seems that you have tried to perform an operation which you are not permitted to perform."

However, to me it looks like the user should have enough permissions to do this custom transition. Does JIRA put any more information anywhere on which permission or which action the user couldn't do?

I guess I'm looking for some kinda audit log.

Using JIRA 5.1.2

2 answers

1 accepted

0 votes
Answer accepted
Tamar Christina August 8, 2012

Found out that the action was being executed. It's just that the user has no access to the screen that JIRA is supposed to open next.

0 votes
Nic Brough -Adaptavist-
Community Leader
August 7, 2012

You shouldn't need an audit log.

If a user can't do something, then you should be able to work it out from their login, and what they were trying to do.

What were they trying to do? The URL they hit is almost certainly the single most useful thing you can get from them, because it's quite rare to see this on a link that is offered to them; it's usually when they've followed a link to something they don't have the rights to do.

Jira deliberately (and sensibly) won't offer links to things people can't do...

Tamar Christina August 8, 2012

Hello, as I've said in my question, to me they should be able to do what they're trying to do. So I have checked their logins and I have checked the conditions I have placed on the transitions and the permission schemes.

It is because I could not figure it out based on these that I asked if there is any log stored anywhere, which to me seems like a sensible question.

JIRA is offering me the button to click on, so obviously it thinks the user should have permissions to do so.

Nic Brough -Adaptavist-
Community Leader
August 8, 2012

The problem with the idea of a log is that there is nothing to log - they don't have the permission to do what they clicked on, so there's no action taken, and all you'll get in any log is "they landed on the no permission scheme". If you've got Apache or something in front of Jira, then you might be able to tell what screen they were on before, but that's about it. The next level of logging would be to record every single click and potential action which is complete overkill, and you'd have millions of lines of log every day.

Could you go over the permissions in detail here maybe? Are you sure they are using the user account you think they are (get them to go to their profile and check the login, not just the display name or email address)? How *exactly* are they getting to the screen? You haven't said here whether they are clicking on something in Jira (which they should NOT be able to do because it generally hides actions they don't have permissions for), or hitting a URL directly (which could be a problem as they're trying to bypass a permission, or they're not giving the information it needs from the previous screen).

Just because it offers you the button to click on, does not mean it will offer it to them. Unless your account is identical to theirs (including not having admin rights) and you don't use single users in permission schemes. There's more than one place permissions are controlled, and you may also have plugins that affect it.
