Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Restricting issue creation of certain types based on user project role / group

Peter Panaguito
Peter Panaguiton April 22, 2013

I was wondering if there is a way to restrict creation of an issue type based on which role or group the creator is in.

For example, I want only Developers to be able to create a new feature or enhancement.

Answer
Watch
Like # people like this
44651 views

15 answers

1 accepted

3 votes
Answer accepted
Harry Chan5
Harry Chan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 22, 2013

Hi, this isn't possible for OnDemand. Only the downloadable version can do this.

There was an issue for this: https://jira.atlassian.com/browse/JRA-5865 but has been resolved as won't fix.

Discussion: https://answers.atlassian.com/questions/33259/permission-to-create-specific-issue-type?page=1#33270

Reply
7 votes
Paul Alexander
Paul Alexander
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 22, 2013

Yes, this can be done out of the box, Peter. First, create a group containing only the developers you want to have access to creating this type of issue. Next, on your workflow for that particular issue type, go to the origination step for the worklow - for example, 'Create Issue'. Add a validation step of type permission and select the group you created in the first step above. of course, you should test it to assure it's working correctly prior to publishing the change (if you don't want to cause potential problems with your users). Anyone not in this group has no access to creating that issue type. They simply would not see it in the dropdown.

View More Comments
SteveM
SteveM June 16, 2016

I don't see an option to add validators based on groups. Can you post a screenshot? (probably not since this post is 3 years old!)

Like mahavishnu likes this
Paul Alexander
Paul Alexander
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 16, 2016

The permissions validator no longer contains an option to specify a user group; you may only specify a permission (e.g., Create Issue) which is useless since this would deny the person from creating any issue type.

Like # people like this
SteveM
SteveM June 16, 2016

That's what I thought. It looks like using Script Runner is the only option. Otherwise you need to create a separate project

Like
Paul Alexander
Paul Alexander
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 22, 2016

Actually, there is another kludge I forgot about that I do one on our projects. I forgot to note this in my latest reply. I knew we had a working example of this somewhere.

Say you only want administrators to be able to create a certain issue type - in my case, I use a custom API to import a ticket from my support system into JIRA. You likely have one or more permissions in your project that are restricted to admins only (e.g., "Delete All Comments" in my case since this is something I only want a few people doing. For this permission, it should contain a group or persons able to do this. In my case, it contains the group, "administrators" with handful of people since we won't want to lose the trail of comments added for this project).

Now, from your workflow for that issue type, go to the Create step and add a validator of type "User Permission Validator" and choose the "Delete All Comments" permission.

Although everyone can still see that issue type, and even populate the Create form, when trying to submit the form, an error about not having this permission results.

Like # people like this
John Bridgwater
John Bridgwater September 12, 2016

We control it using the 'Move Issue' permission in manner mentioned here...so only users in group with 'Move Issue' permission can then create issues in that workflow which has the effect of restricting the issue types that the user can select when creating issues. e.g. we allow 'normal' users to raise stories and issues but not designate something as 'bug' etc. This has to be done after review.

Like # people like this
Tom De Cock
Tom De Cock November 17, 2017

I can't seem to get this working. Any suggestions?


What I did on the 'create' transition in the workflow specific for issue type Idea:

* Delete the standard validator 'only users with -create issue- permission van execute this transition'.
* Add the validator 'only users with -set issue security- permission van execute this transition'.
* In the permission scheme of the project I added only one specific user to the permission 'set issue security'.


Nonetheless, anyone with access to the project can create an issue of the issuetype Idea.

Like
Reply
3 votes
Priyanka Lavania
Priyanka Lavania
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 28, 2019

Hi,

I solved this issue using Scriptrunner's behaviour, used below code in initializer and it showed Issuetypes based on logged in user, you can validate user against project roles or even groups

 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.roles.ProjectRoleManager

import static com.atlassian.jira.issue.IssueFieldConstants.ISSUE_TYPE

def projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
def allIssueTypes = ComponentAccessor.constantsManager.allIssueTypeObjects

def user = ComponentAccessor.jiraAuthenticationContext.loggedInUser
def issueTypeField = getFieldById(ISSUE_TYPE)
def availableIssueTypes = []

//use this def and if code to check project roles
/*def remoteUsersRoles = projectRoleManager.getProjectRoles(user, issueContext.projectObject)*.name

if ("Testers" in remoteUsersRoles)
{
availableIssueTypes.addAll(allIssueTypes.findAll { it.name in ["Task", "Experiment"] })
}
*/

//use this def and if code to check groups
def remoteUsersRoles = ComponentAccessor.getGroupManager().isUserInGroup(user, "jira-administrators")
if (remoteUsersRoles) {
availableIssueTypes.addAll(allIssueTypes.findAll { it.name in ["Task", "Experiment"] })
}

else {
availableIssueTypes.addAll(allIssueTypes.findAll { it.name in ["Task"] })
}

issueTypeField.setFieldOptions(availableIssueTypes)

 

Hope this helps.

 

Regards,

Priyanka

View More Comments
Arun
Arun September 19, 2019

Hi Priyanka, good work.

Could you help with the code if Current user belongs to both Users and Developers roles, therefore both the above sets of issue types should be available

This link gives the code but the behavior is not as expected in the screen shots added below "Restricting Available Issue Types"

https://scriptrunner.adaptavist.com/5.5.0.3-jira8/jira/recipes/behaviours/restricting-issue-types.html

 

set_issue_types_for_both_roles

Like
Priyanka Lavania
Priyanka Lavania
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 19, 2019

Hi Arun,

Thanks, Happy to help :) , though not sure what you want to achieve. Do you want to validate that if the user is part of both Users and Developers group then he should see Bug and Task issue type else he should see remaining ones?

Let me  know, I will try to code accordingly.

 

Regards,

Priyanka

Like
Arun
Arun September 19, 2019

Sure, I have 3 Issue types ( Defect, Enhancement and Documentation) Defect has to been seen by developers only group but few users also are users and developers so they should all 3 (similar in the picture) and the code is restricting the dual group user to not see all but just 2

Thanks,

Arun

Like
Reply
2 votes
Balint Nagy
Balint Nagy January 30, 2017

I can see that this is an old question, but I had the same today. I put my solution here for anyone's benefit.

There is a suitable validation option called "Users in a field are/aren't in a project role".

So the steps to set it up:

 - Optional: create a JIRA (security) group (say "Special Users Group").

 - Create a role (say "Special Users Role") (see How to add project roles)

 - Update your workflow

   – Select the Create Task transition, and add a validation step

   – Use the "Users in a field are/aren't in a project role" validator

   – The "Special Users Role" should show up under the "Selected project roles" section

   – Fill in validator properties as needed

 - Assign your users to the "Special Users Role", optionally via the "Special Users Group".

 

View More Comments
Alec Mishra
Alec Mishra February 20, 2017

Hi Balint,

I do not have the "Users in a field are/aren't in a project role" validator option, although I do have defined roles associated with the project. Any advice as to why this would be happening? I am using the cloud-based version.

Thanks.

Like Kerli Loopman likes this
Balint Nagy
Balint Nagy March 9, 2018

In my case it was the on-premise version, maybe that1s the difference.

Like
Pavan
Pavan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 1, 2018

@Alec Mishra 

 

Hi Mishra,

 

i'm also facing same issue do you have anyupdate on that.

Like
Shruthi Sadanand
Shruthi Sadanand March 5, 2019

@Chityala Pavan  Did you find any workaround for this?

Like
Michael Dietrich-Spitzley
Michael Dietrich-Spitzley January 2, 2020

Hi,

I solved this problem right now by using the AddOn "Workflow Rules for Jira Lite"

Like
Amir Katz (Outseer)
Amir Katz (Outseer)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 2, 2020

Michael, can you expand on this please?

Like
Reply
2 votes
Geoffrey Rodgers
Geoffrey Rodgers May 22, 2013

Technically, there is a "hack"ish work-around. You can add the group/s to a permission scheme setting (e.g., Set Issue Security, or something you're not currently using), and then add a Validation to the Create transition of the workflow for that permission (which is available in OnDemand).

View More Comments
Adam Barton
Adam Barton January 11, 2016

This is excellent thinking. Hacky for sure but very excellent.

Like
Tom De Cock
Tom De Cock November 17, 2017

I can't seem to get this working. Any suggestions?

What I did on the 'create' transition in the workflow specific for issue type Idea:

  • Delete the standard validator 'only users with -create issue- permission van execute this transition'.
  • Add the validator 'only users with -set issue security- permission van execute this transition'.
  • In the permission scheme of the project I added only one specific user to the permission 'set issue security'.

Nonetheless, anyone with access to the project can create an issue of the issuetype Idea.

Like
Geoffrey Rodgers
Geoffrey Rodgers November 17, 2017

@Tom De Cock Try running the Permissions Helper - https://confluence.atlassian.com/adminjiracloud/using-the-permission-helper-868982879.html - to see if that lists anything that helps understand what permissions the user has access to that they should not. Almost certainly, there's another permission or role that the users have access to granting them greater access than they should have. It's just too wide open of a scenario for me to help with without having access to your setup.

Also, you may have just been using a single user as a quick test for this solution, but I always recommend that Permissions be tied only to Roles, and Roles tied only to Groups. This makes it easier to manage permissions by making sure a User is in the correct groups. It also makes the traceability easier to follow to understand a user's permissions.

Hopefully, some of that helps!

Like
Reply
1 vote
Amir Katz (Outseer)
Amir Katz (Outseer)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 25, 2019

I may be missing something obvious here...

The best way to block any transition in a workflow is to add a condition.

However, in Jira 8.x (and probably earlier), the Create transition does not support Conditions.

So the other option is to create a validator that will fail. This is fine and dandy, but it means that the user will get the issue creation screen, will fill all the mandatory fields (and others) and then, when she clicks on the Create button, the operation will be rejected.

That a really bad UX.

View More Comments
Kerli Loopman
Kerli Loopman September 5, 2022

It is and it gives the wrong error message. For example if you allow to use create transition only to people who have "delete issues" permission, then on issue creation they will get an error saying they don't have permission to delete issues. That would be really confusing to the end user.

Too bad that it doesn't support conditions as there would be an option to add helpful text when condition is not met. 

Like
Reply
1 vote
William JUTEAU
William JUTEAU January 21, 2015

Hi Wilton,

Would you plugin work on JIRA 5.2.X version ? I've been looking for this kind of features for years !!

Thanks for your reply

Reply
1 vote
Pascal
Pascal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2014

Another option is to use the free Script Runner add-on. That adds the option to add a simple script as a validator on the Create transition. With this you could add the following validation to a transition is an issue-specific workflow:

import com.atlassian.jira.component.ComponentAccessor

def groupManager = ComponentAccessor.getGroupManager()
groupManager.isUserInGroup(issue.reporter?.name, 'some group')

Wilton's solution is more elegant, since (if I'm not mistaking) does not even offer the user to create an issue of a certain type. This solution will show an error when the user tries to submit an issue of the type he is not authorized for.

View More Comments
Kota Sreenivasa Shravana Kumar
Kota Sreenivasa Shravana Kumar November 4, 2016

Hi

I am new to script runner and if I wish to put multiple groups in the below line , what should be the syntax ?

groupManager.isUserInGroup(issue.reporter?.name, 'some group')

 

Thanks ! 

Like
Ratna Kumar Lekkala
Ratna Kumar Lekkala June 28, 2017

hi,

Thanks for the code. What if I need to add a condition for issue type? Two of my issues use the same workflow action. So how do I modify your script to trigger only if the issue type is lets say "User story"

Like
Reply
1 vote
Young Plugins
Young Plugins March 3, 2014

I recently created a plugin that might help you. I'm open for suggestions to make it better. Cheers.

Reply
1 vote
Andreas K.
Andreas K. June 10, 2013

Hello,

Could anybody point me to the solution for the downloaded version of JIRA?

Cheers & best :)

View More Comments
Harry Chan5
Harry Chan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 10, 2013

Plugin / JavaScript

Like
Reply
0 votes
graemejohnson
graemejohnson December 17, 2018

Know this is an old thread - but I had the same dilemma and solved it by adding a 'Universal Validator' on the Create transition....

2018-12-17_14h09_15.png

View More Comments
Kerli Loopman
Kerli Loopman September 5, 2022

That is not in Cloud, right? 

Like
Reply
0 votes
James Johnston
James Johnston November 2, 2018

Might not be exactly what you're looking for, but we've just achieved this by creating a workflow for each of the task types. We can then apply different validators to to each workflow to ensure only certain groups can create certain task types.

 

This means our API can create Tasks, but users cannot. However, uses can create Sub-tasks on the tasks created by the API.

 

It's a right faff but it works and we refuse to pay for extra plugins for things that should really be built-in from the start,

Reply
0 votes
Junio Fernandes
Junio Fernandes December 27, 2017

With Workflow Enhancer for Jira you can create a Universal Validator that checks [groups] user is in, evaluating to true or showing a custom error message to user.

View More Comments
Kristof Danckaert
Kristof Danckaert March 7, 2018

Hey, this sounds great.  Can you point me to an example of how to formulate this validator  ?   I want to check that the user belongs to the group INT_ECO if he wants to create an issue of a certain type.

Like
Reply
0 votes
Young Plugins
Young Plugins November 11, 2015

Hi there,

unfortunately not. You should seriously update your JIRA.

Reply
0 votes
Alex Augusto1
Alex Augusto November 10, 2015

Would you plugin work on JIRA 5.4.X version ?

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events