Permissions for "Set Issue Security"

Florian Minterbauer April 15, 2021

Hello all,

I am currently preparing for the ACP-600 and stumbled upon the following issue.

On one page it says:

Set Issue Security is needed if an Issue Security Scheme has been applied to the project. The user also needs Browse Projects permission and Edit Issues.

On another page it says:

Users need the ‘Set Issue Security’ permission in the project's permission scheme to set the Security Level on an issue.  And, of course, they also need access to the project with the Browse Projects permission and have the permission to create issues.

Now my question is: Am I thinking too narrowly and it simply relates to different Issue Operations, or is it something else?

Thank you very much for your help!

Cheers!

 

3 answers

2 votes
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 15, 2021

Yes, the operations being mentioned there are technically separate and the code in Jira checks permissions for each separately, but there is some entwining.

There was a time where you could do things to a Jira issue without actually being able to see it.  Imagine that you grant me the permission to edit issues in a project, but not "browse".  If I know an issue key, I could actually use REST or a carefully constructed URL to tell Jira to edit fields on it, without seeing what is there.  Obviously, this was an obscure and clunky flaw to exploit and I never found anyone doing it (deliberately).

But that loophole has been closed now.  You can't do anything to an issue unless you can see it, meaning "browse projects".  The edit permission does what it says - you need that to make changes to an issue, including setting its security level.

I don't think the two paragraphs you've posted from the docs are quite accurate (but there may be context set in the original docs that is not coming across here).

You do not need "set issue security" if a security scheme is in place.  Except for the action of setting a security level on the issue.  People working with an issue who do not have "set issue security" simply won't be offered the "level" field for edit.

The second paragraph mentions create issue, again, I think the wider doc was only talking about creating issues.  The same point as above applies - if you want someone to be able to set security while creating a new issue, they will need the "set security level", as well as "create issue" in that project.

0 votes
Florian Minterbauer April 16, 2021

Hi guys,

Thanks for answering

Just to be sure:


Scenario 1:
If I create an issue and want to set a priority, then I need to be in the appropriate group and have the "Create Issue Permission + Set Issue Security Permission"?


Scenario 2:
If someone created an issue and I want to set or change the priority I have to be in the appropriate group and have the "Edit Issue Permission + Set Issue Security Permission"?


Scenario 3:
To work on an issue that has a security on it I only need to be in the appropriate group and not have the "Set Issue Security Permission" - correct?

 

Thank you very much!

Nic Brough -Adaptavist-
Community Leader
April 16, 2021

1. No

The issue creator can set a priority.

As I said before, the set-security only affects the security level.

2. No, as per 1.

3. If an issue has a security level, only some people can see it.  Those who can see it can do whatever the rest of the permission scheme says they can.

Florian Minterbauer April 17, 2021

Thank you for your reply. My bad... It was already quite late in Germany at that time. Sorry again.

I should have read through it again.
Priority should be "issue security level"


Scenario 1:
If I create an issue and want to set a security level (if the level is not set by default), then I need to be in the appropriate group/groups and have the "Create Issue Permission + Set Issue Security Permission"?


Scenario 2:
If someone created an issue and I want to set or change the security level I have to be in the appropriate group and have the "Edit Issue Permission + Set Issue Security Permission"?

Nic Brough -Adaptavist-
Community Leader
April 17, 2021

Yes, those are correct, but I wanted to point out that security levels are not based entirely on groups - you can use roles, individuals and fields in them as well if you want.

0 votes
Martin Bayer _MoroSystems_ s_r_o__
Community Leader
April 15, 2021

Hi @Florian Minterbauer, it is hard to say without more context, but both paragraphs say the same (in my opinion).

You need to have the Set Issue Security permission set for users who want to work with the Security level field:

  • edit Security level
  • create issue on which the Security level is mandatory and is not set by default
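
The rules the answers above converge on, as an added example that is not part of any post and not Jira's own code: it reads a response shaped like Jira's REST `mypermissions` resource and reports which issue operations the permission set allows, plus grants that enable nothing on their own (for example Edit Issues without Browse Projects). The sample responses are constructed, the operation names are hypothetical labels, and issue security level membership (who can see a secured issue) is a separate check that is not modelled here.

```python
import json

# Built-in Jira project permission keys.
BROWSE, CREATE, EDIT, SET_SEC = ALL = (
    "BROWSE_PROJECTS", "CREATE_ISSUES", "EDIT_ISSUES", "SET_ISSUE_SECURITY")

# Operation -> permissions it needs, per the thread: nothing works without
# Browse Projects, and Set Issue Security only governs the security level field.
REQUIRES = {
    "view issue": {BROWSE},
    "create issue": {BROWSE, CREATE},
    "edit issue": {BROWSE, EDIT},
    "set level on create": {BROWSE, CREATE, SET_SEC},
    "change level on existing issue": {BROWSE, EDIT, SET_SEC},
}

def sample(*held):
    """Constructed response text in the shape of a mypermissions reply."""
    return json.dumps({"permissions": {
        k: {"key": k, "type": "PROJECT", "havePermission": k in held}
        for k in ALL}})

def granted(response_text):
    """Permission keys the response marks as held by the user."""
    perms = json.loads(response_text).get("permissions", {})
    return {k for k, v in perms.items() if v.get("havePermission") is True}

def allowed_operations(response_text):
    have = granted(response_text)
    return [op for op, need in REQUIRES.items() if need <= have]

def ineffective_grants(response_text):
    """Held permissions that do not contribute to any allowed operation."""
    have = granted(response_text)
    usable = set().union(*(n for n in REQUIRES.values() if n <= have))
    return sorted((have & set(ALL)) - usable)

if __name__ == "__main__":
    cases = {
        "developer": sample(BROWSE, CREATE, EDIT),
        "triager": sample(BROWSE, CREATE, EDIT, SET_SEC),
        "edit without browse": sample(EDIT, SET_SEC),
        "viewer with set-security": sample(BROWSE, SET_SEC),
    }
    for name, resp in cases.items():
        print(name, allowed_operations(resp), ineffective_grants(resp))
```
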
