Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Scriting options for Project level access removal

khushboo_puri
khushboo_puri
Contributor
February 6, 2025

Can we use scripting (postman or scriptrunner)to remove users from Project roles(leaving only groups)

Answer
Watch
Like Be the first to like this
69 views

1 answer

1 vote
Jeroen Poismans
Jeroen Poismans
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 6, 2025

Hi,

I have made a script that removes a group from a project role on all projects in an instance:

import com.atlassian.crowd.embedded.api.Group
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.project.Project
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.security.roles.ProjectRoleActor
import com.atlassian.jira.security.roles.ProjectRoleActors
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.security.roles.RoleActor
import com.onresolve.scriptrunner.parameters.annotation.ProjectPicker
import com.onresolve.scriptrunner.parameters.annotation.ProjectRolePicker
import com.onresolve.scriptrunner.parameters.annotation.GroupPicker
import com.onresolve.scriptrunner.parameters.annotation.*
import org.apache.log4j.Level
import org.apache.log4j.Logger

import static com.atlassian.jira.security.roles.ProjectRoleActor.GROUP_ROLE_ACTOR_TYPE
import static java.util.Collections.singletonList

def log = Logger.getLogger("be.script")
log.setLevel(Level.INFO)

@GroupPicker(label = 'Group', description = 'Pick a group to remove from role', placeholder = 'Pick a group')
Group INPUT_group

@ShortTextInput(label = "Project role", description = "")
String INPUT_projectRole

ProjectManager projectManager = ComponentAccessor.getProjectManager()
ProjectRoleService projectRoleService = ComponentAccessor.getOSGiComponentInstanceOfType(ProjectRoleService.class)
ProjectRoleManager projectRoleManager = ComponentAccessor.getOSGiComponentInstanceOfType(ProjectRoleManager.class)

int count = 0
ProjectRole projectRole = projectRoleManager.getProjectRole(INPUT_projectRole)
List<Project> allProjects = projectManager.getProjects()

for (Project currentProject: allProjects) {
   ProjectRoleActors projectRoleActors = projectRoleService.getProjectRoleActors(projectRole, currentProject, null)

   Optional<RoleActor> actorToRemove =  projectRoleActors.getRoleActors().stream()
         .filter {it -> it.parameter.equalsIgnoreCase(INPUT_group.getName())}
         .findFirst()

   if (actorToRemove.isPresent()) {
      count ++
      projectRoleService.removeActorsFromProjectRole(singletonList(INPUT_group.getName()), projectRole, currentProject, GROUP_ROLE_ACTOR_TYPE, null)
      log.info("$count => project $currentProject")
   }
}

return "Done!"

 

With some tinkering you might be able to transform it so it removes a user form a project role in all projects or to whatever need you might have.

In the top of the script you will see the following:

@GroupPicker(label = 'Group', description = 'Pick a group to remove from role', placeholder = 'Pick a group')
Group INPUT_group

@ShortTextInput(label = "Project role", description = "")
String INPUT_projectRole

In the script runner script console this shows a dropdown to pick a group and an input textbox to provide the project role. You can replace this with logic for a hardcoded user etc ...

Near the end you will see this line:

projectRoleService.removeActorsFromProjectRole(singletonList(INPUT_group.getName()), projectRole, currentProject, GROUP_ROLE_ACTOR_TYPE, null)

The param GROUP_ROLE_ACTOR_TYPE tells the service to remove groups provided in the other params. This params can also be USER_ROLE_ACTOR_TYPE, which will indicate to remove users provided. 

With this you should come to a solution.

Jeroen

 

View More Comments
khushboo_puri
khushboo_puri
Contributor
February 9, 2025

HI @Jeroen Poismans 

Can we remove only users from project roles and we don't want to remove groups from project roles?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events