Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Permissions Not Restricted Correctly?

John Miller19
John Miller July 19, 2011

Hi,

Thanks in advance for any help.

I have a Group, Customer_1.

I have a Permission Scheme, under which Customer_1 has the following permissions:

Browse Projects

Create Issues

Add Comments

Create Attachments

I have a project, we'll call Project_1. Project_1 has the permission scheme Customer_1.

I have a user, we'll call MyCustomer, who belongs to group jira-users and Customer_1.

MyCustomer is able to not only view and create issues (good!), but can transition issues through workflow (undesireable for me, but I'm unsure if this can be restricted) and also resolve/close issues (!). I'm pretty sure I'm doing something wrong and this isn't a bug (because it would be a helluva bug), but what might that be?

My objective is to make customer logins so that they can view their issues (which I restrict with a security scheme that seems working), and add new issues, but not modify/close existing issues, see work-time allocated, anything like that. Essentially a very boxed-in user.

What can I do? Thank you!

Answer
Watch
Like Be the first to like this
462 views

2 answers

1 vote
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 19, 2011

You can do it in JIRA. Create, Edit, Adding Worklog etc are different permissions and you can configure who can do those using permission scheme itself.

Workflow is different though. Who can transition an issue from one step to another can be restircted using workflow conditions. Add a condition that says only users in a purticular group or project role can do this.

Reply
0 votes
John Miller19
John Miller July 19, 2011

Thanks. That looks really helpful.

However, if a Permission Scheme does not allow a particular Group 'resolve' and 'close' permissions, what else could it mean except to restrict users in that Group/Permission combo from not being able to do the workflow steps 'resolve' and 'close'?

View More Comments
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 19, 2011

Check out this page to see more on the project permissions. Resolve also give permission to set the Fix Version value on issues in addition to the workflow resolve.

Like
John Miller19
John Miller July 20, 2011

I did - what I'm saying is that these Groups explicitly to not have 'resolve' and 'close' permissions, and that the project in question has this permission scheme, so a user who is only a member of two groups, neither of which have resolve or close permissions, should not (as far as my understanding goes) be able to resolve or close issues.

I appreciate the link, but that's exactly the steps I followed and tried to outline above. If I am misunderstanding, then my misunderstanding stems from the link, so additional detail would be appreciated.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events