Restricting issue creation of certain types based on user project role / group

I was wondering if there is a way to restrict creation of an issue type based on which role or group the creator is in.

For example, I want only Developers to be able to create a new feature or enhancement.

11 answers

1 accepted

Hi, this isn't possible for OnDemand. Only the downloadable version can do this.

There was an issue for this: https://jira.atlassian.com/browse/JRA-5865 but has been resolved as won't fix.

Discussion: https://answers.atlassian.com/questions/33259/permission-to-create-specific-issue-type?page=1#33270

Yes, this can be done out of the box, Peter. First, create a group containing only the developers you want to have access to creating this type of issue. Next, on your workflow for that particular issue type, go to the origination step for the worklow - for example, 'Create Issue'. Add a validation step of type permission and select the group you created in the first step above. of course, you should test it to assure it's working correctly prior to publishing the change (if you don't want to cause potential problems with your users). Anyone not in this group has no access to creating that issue type. They simply would not see it in the dropdown.

I don't see an option to add validators based on groups. Can you post a screenshot? (probably not since this post is 3 years old!)

The permissions validator no longer contains an option to specify a user group; you may only specify a permission (e.g., Create Issue) which is useless since this would deny the person from creating any issue type.

That's what I thought. It looks like using Script Runner is the only option. Otherwise you need to create a separate project

Actually, there is another kludge I forgot about that I do one on our projects. I forgot to note this in my latest reply. I knew we had a working example of this somewhere.

Say you only want administrators to be able to create a certain issue type - in my case, I use a custom API to import a ticket from my support system into JIRA. You likely have one or more permissions in your project that are restricted to admins only (e.g., "Delete All Comments" in my case since this is something I only want a few people doing. For this permission, it should contain a group or persons able to do this. In my case, it contains the group, "administrators" with handful of people since we won't want to lose the trail of comments added for this project).

Now, from your workflow for that issue type, go to the Create step and add a validator of type "User Permission Validator" and choose the "Delete All Comments" permission.

Although everyone can still see that issue type, and even populate the Create form, when trying to submit the form, an error about not having this permission results.

We control it using the 'Move Issue' permission in manner mentioned here...so only users in group with 'Move Issue' permission can then create issues in that workflow which has the effect of restricting the issue types that the user can select when creating issues. e.g. we allow 'normal' users to raise stories and issues but not designate something as 'bug' etc. This has to be done after review.

I can't seem to get this working. Any suggestions?


What I did on the 'create' transition in the workflow specific for issue type Idea:

* Delete the standard validator 'only users with -create issue- permission van execute this transition'.
* Add the validator 'only users with -set issue security- permission van execute this transition'.
* In the permission scheme of the project I added only one specific user to the permission 'set issue security'.


Nonetheless, anyone with access to the project can create an issue of the issuetype Idea.

Technically, there is a "hack"ish work-around. You can add the group/s to a permission scheme setting (e.g., Set Issue Security, or something you're not currently using), and then add a Validation to the Create transition of the workflow for that permission (which is available in OnDemand).

This is excellent thinking. Hacky for sure but very excellent.

I can't seem to get this working. Any suggestions?

What I did on the 'create' transition in the workflow specific for issue type Idea:

  • Delete the standard validator 'only users with -create issue- permission van execute this transition'.
  • Add the validator 'only users with -set issue security- permission van execute this transition'.
  • In the permission scheme of the project I added only one specific user to the permission 'set issue security'.

Nonetheless, anyone with access to the project can create an issue of the issuetype Idea.

@Tom De Cock Try running the Permissions Helper - https://confluence.atlassian.com/adminjiracloud/using-the-permission-helper-868982879.html - to see if that lists anything that helps understand what permissions the user has access to that they should not. Almost certainly, there's another permission or role that the users have access to granting them greater access than they should have. It's just too wide open of a scenario for me to help with without having access to your setup.

Also, you may have just been using a single user as a quick test for this solution, but I always recommend that Permissions be tied only to Roles, and Roles tied only to Groups. This makes it easier to manage permissions by making sure a User is in the correct groups. It also makes the traceability easier to follow to understand a user's permissions.

Hopefully, some of that helps!

Hello,

Could anybody point me to the solution for the downloaded version of JIRA?

Cheers & best :)

Plugin / JavaScript

I recently created a plugin that might help you. I'm open for suggestions to make it better. Cheers.

Another option is to use the free Script Runner add-on. That adds the option to add a simple script as a validator on the Create transition. With this you could add the following validation to a transition is an issue-specific workflow:

import com.atlassian.jira.component.ComponentAccessor

def groupManager = ComponentAccessor.getGroupManager()
groupManager.isUserInGroup(issue.reporter?.name, 'some group')

Wilton's solution is more elegant, since (if I'm not mistaking) does not even offer the user to create an issue of a certain type. This solution will show an error when the user tries to submit an issue of the type he is not authorized for.

Hi

I am new to script runner and if I wish to put multiple groups in the below line , what should be the syntax ?

groupManager.isUserInGroup(issue.reporter?.name, 'some group')

 

Thanks ! 

hi,

Thanks for the code. What if I need to add a condition for issue type? Two of my issues use the same workflow action. So how do I modify your script to trigger only if the issue type is lets say "User story"

Hi Wilton,

Would you plugin work on JIRA 5.2.X version ? I've been looking for this kind of features for years !!

Thanks for your reply

I can see that this is an old question, but I had the same today. I put my solution here for anyone's benefit.

There is a suitable validation option called "Users in a field are/aren't in a project role".

So the steps to set it up:

 - Optional: create a JIRA (security) group (say "Special Users Group").

 - Create a role (say "Special Users Role") (see How to add project roles)

 - Update your workflow

   – Select the Create Task transition, and add a validation step

   – Use the "Users in a field are/aren't in a project role" validator

   – The "Special Users Role" should show up under the "Selected project roles" section

   – Fill in validator properties as needed

 - Assign your users to the "Special Users Role", optionally via the "Special Users Group".

 

Hi Balint,

I do not have the "Users in a field are/aren't in a project role" validator option, although I do have defined roles associated with the project. Any advice as to why this would be happening? I am using the cloud-based version.

Thanks.

Would you plugin work on JIRA 5.4.X version ?

Hi there,

unfortunately not. You should seriously update your JIRA.

With Workflow Enhancer for Jira you can create a Universal Validator that checks [groups] user is in, evaluating to true or showing a custom error message to user.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,896 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot