I am currently preparing for the ACP-600 and stumbled upon the following issue.
On one page it says:
Set Issue Security is needed if an Issue Security Scheme has been applied to the project. The user also needs Browse Projects permission and Edit Issues.
On another page it says:
Users need the ‘Set Issue Security’ permission in the project's permission scheme to set the Security Level on an issue. And, of course, they also need access to the project with the Browse Projects permission and have the permission to create issues.
Now my question is: Am I thinking too narrowly and it simply relates to different Issue Operations or is it a something else?
Thank you very much for your help!
Yes, the operations being mentioned there are technically separate and the code in Jira checks permissions for each separately, but there is some entwining.
There was a time where you could do things to a Jira issue without actually being able to see it. Imagine that you grant me the permission to edit issues in a project, but not "browse". If I know an issue key, I could actually use REST or a carefully constructed URL to tell Jira to edit fields on it, without seeing what is there. Obviously, this was an obscure and clunky flaw to exploit and I never found anyone doing it (deliberately).
But that loophole has been closed now. You can't do anything to an issue unless you can see it, meaning "browse projects". The edit permission does what it says - you need that to make changes to an issue, including setting its security level.
I don't think the two paragraphs you've posted from the docs are quite accurate (but there may be context set in the original docs that is not coming across here)
You do not need "set issue security" if a security scheme is in place. Except for the action of setting a security level on the issue. People working with an issue who do not have "set issue security" simply won't be offered the "level" field for edit.
The second paragraph mentions create issue, again, I think the wider doc was only talking about creating issues. The same point as above applies - if you want someone to be able to set security while creating a new issue, they will need the "set security level", as well as "create issue" in that project.
Hi @Florian Minterbauer it is hard to say without more context, but both paragraphs say the same (in my opinion).
You need to have the Set Issue Security permission set for users who wants to work with Security level field
Thanks for answering
Just to be sure:
If I create an issue and want to set a priority, then I need to be in the appropriate group and have the "Create Issue Permission + Set Issue Security Permission"?
If someone created an issue and I want to set or change the priority I have to be in the appropriate group and have the "Edit Issue Permission + Set Issue Security Permission"?
To work on an issue that has a security on it I only need to be in the appropriate group and not have the "Set Issue Security Permission" - correct?
Thank you very much!
The issue creator can set a priority.
As I said before, the set-security only affects the security level
2. No, as per 1.
3. If an issue has a security level, only some people can see it. Those who can see it can do whatever the rest of ythe permision sheme says they can.
Thank you for your reply. My bad...It was already quite late in germany at that time. sorry again
I should have read through it again.
Priority should be "issue security level"
If I create an issue and want to set a security level (if the level is not set by default , then I need to be in the appropriate group/groups and have the "Create Issue Permission + Set Issue Security Permission"?
If someone created an issue and I want to set or change the security level I have to be in the appropriate group and have the "Edit Issue Permission + Set Issue Security Permission"?
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events