Restricting issue creation of certain types based on user project role / group

I was wondering if there is a way to restrict creation of an issue type based on which role or group the creator is in.

For example, I want only Developers to be able to create a new feature or enhancement.

11 answers

1 accepted

This widget could not be displayed.

Hi, this isn't possible for OnDemand. Only the downloadable version can do this.

There was an issue for this: https://jira.atlassian.com/browse/JRA-5865 but has been resolved as won't fix.

Discussion: https://answers.atlassian.com/questions/33259/permission-to-create-specific-issue-type?page=1#33270

This widget could not be displayed.

Yes, this can be done out of the box, Peter. First, create a group containing only the developers you want to have access to creating this type of issue. Next, on your workflow for that particular issue type, go to the origination step for the worklow - for example, 'Create Issue'. Add a validation step of type permission and select the group you created in the first step above. of course, you should test it to assure it's working correctly prior to publishing the change (if you don't want to cause potential problems with your users). Anyone not in this group has no access to creating that issue type. They simply would not see it in the dropdown.

I don't see an option to add validators based on groups. Can you post a screenshot? (probably not since this post is 3 years old!)

The permissions validator no longer contains an option to specify a user group; you may only specify a permission (e.g., Create Issue) which is useless since this would deny the person from creating any issue type.

That's what I thought. It looks like using Script Runner is the only option. Otherwise you need to create a separate project

Actually, there is another kludge I forgot about that I do one on our projects. I forgot to note this in my latest reply. I knew we had a working example of this somewhere.

Say you only want administrators to be able to create a certain issue type - in my case, I use a custom API to import a ticket from my support system into JIRA. You likely have one or more permissions in your project that are restricted to admins only (e.g., "Delete All Comments" in my case since this is something I only want a few people doing. For this permission, it should contain a group or persons able to do this. In my case, it contains the group, "administrators" with handful of people since we won't want to lose the trail of comments added for this project).

Now, from your workflow for that issue type, go to the Create step and add a validator of type "User Permission Validator" and choose the "Delete All Comments" permission.

Although everyone can still see that issue type, and even populate the Create form, when trying to submit the form, an error about not having this permission results.

We control it using the 'Move Issue' permission in manner mentioned here...so only users in group with 'Move Issue' permission can then create issues in that workflow which has the effect of restricting the issue types that the user can select when creating issues. e.g. we allow 'normal' users to raise stories and issues but not designate something as 'bug' etc. This has to be done after review.

I can't seem to get this working. Any suggestions?


What I did on the 'create' transition in the workflow specific for issue type Idea:

* Delete the standard validator 'only users with -create issue- permission van execute this transition'.
* Add the validator 'only users with -set issue security- permission van execute this transition'.
* In the permission scheme of the project I added only one specific user to the permission 'set issue security'.


Nonetheless, anyone with access to the project can create an issue of the issuetype Idea.

This widget could not be displayed.

Technically, there is a "hack"ish work-around. You can add the group/s to a permission scheme setting (e.g., Set Issue Security, or something you're not currently using), and then add a Validation to the Create transition of the workflow for that permission (which is available in OnDemand).

This is excellent thinking. Hacky for sure but very excellent.

I can't seem to get this working. Any suggestions?

What I did on the 'create' transition in the workflow specific for issue type Idea:

  • Delete the standard validator 'only users with -create issue- permission van execute this transition'.
  • Add the validator 'only users with -set issue security- permission van execute this transition'.
  • In the permission scheme of the project I added only one specific user to the permission 'set issue security'.

Nonetheless, anyone with access to the project can create an issue of the issuetype Idea.

@Tom De Cock Try running the Permissions Helper - https://confluence.atlassian.com/adminjiracloud/using-the-permission-helper-868982879.html - to see if that lists anything that helps understand what permissions the user has access to that they should not. Almost certainly, there's another permission or role that the users have access to granting them greater access than they should have. It's just too wide open of a scenario for me to help with without having access to your setup.

Also, you may have just been using a single user as a quick test for this solution, but I always recommend that Permissions be tied only to Roles, and Roles tied only to Groups. This makes it easier to manage permissions by making sure a User is in the correct groups. It also makes the traceability easier to follow to understand a user's permissions.

Hopefully, some of that helps!

This widget could not be displayed.

Hello,

Could anybody point me to the solution for the downloaded version of JIRA?

Cheers & best :)

Plugin / JavaScript

This widget could not be displayed.

I recently created a plugin that might help you. I'm open for suggestions to make it better. Cheers.

This widget could not be displayed.

Another option is to use the free Script Runner add-on. That adds the option to add a simple script as a validator on the Create transition. With this you could add the following validation to a transition is an issue-specific workflow:

import com.atlassian.jira.component.ComponentAccessor

def groupManager = ComponentAccessor.getGroupManager()
groupManager.isUserInGroup(issue.reporter?.name, 'some group')

Wilton's solution is more elegant, since (if I'm not mistaking) does not even offer the user to create an issue of a certain type. This solution will show an error when the user tries to submit an issue of the type he is not authorized for.

Hi

I am new to script runner and if I wish to put multiple groups in the below line , what should be the syntax ?

groupManager.isUserInGroup(issue.reporter?.name, 'some group')

 

Thanks ! 

hi,

Thanks for the code. What if I need to add a condition for issue type? Two of my issues use the same workflow action. So how do I modify your script to trigger only if the issue type is lets say "User story"

This widget could not be displayed.

Hi Wilton,

Would you plugin work on JIRA 5.2.X version ? I've been looking for this kind of features for years !!

Thanks for your reply

This widget could not be displayed.

I can see that this is an old question, but I had the same today. I put my solution here for anyone's benefit.

There is a suitable validation option called "Users in a field are/aren't in a project role".

So the steps to set it up:

 - Optional: create a JIRA (security) group (say "Special Users Group").

 - Create a role (say "Special Users Role") (see How to add project roles)

 - Update your workflow

   – Select the Create Task transition, and add a validation step

   – Use the "Users in a field are/aren't in a project role" validator

   – The "Special Users Role" should show up under the "Selected project roles" section

   – Fill in validator properties as needed

 - Assign your users to the "Special Users Role", optionally via the "Special Users Group".

 

Hi Balint,

I do not have the "Users in a field are/aren't in a project role" validator option, although I do have defined roles associated with the project. Any advice as to why this would be happening? I am using the cloud-based version.

Thanks.

In my case it was the on-premise version, maybe that1s the difference.

@Alec Mishra 

 

Hi Mishra,

 

i'm also facing same issue do you have anyupdate on that.

This widget could not be displayed.

Would you plugin work on JIRA 5.4.X version ?

This widget could not be displayed.

Hi there,

unfortunately not. You should seriously update your JIRA.

This widget could not be displayed.

With Workflow Enhancer for Jira you can create a Universal Validator that checks [groups] user is in, evaluating to true or showing a custom error message to user.

Hey, this sounds great.  Can you point me to an example of how to formulate this validator  ?   I want to check that the user belongs to the group INT_ECO if he wants to create an issue of a certain type.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

115 views 2 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you