I'm trying to lock down certain parts of JIRA using permission schemes, and I'm unclear which project permissions allow you to interact with a project that you cannot browse.
With some testing, I've found that the "Create Issue" permission will allow a user to create an issue in a project (and, by extension, view the list of components and versions in that project) even if the user does not have permission to browse the project.
I can see a comprehensive list of project permissions in Managing Project Permissions, but I can't find an authority on which permissions are still (wholly or partially) effective without being able to "Browse Projects".
Anything related to an issue (like Edit, comment, move etc) are dependent on "Browse" issues because a user can do those only if they can see the issue.
Anything related to the project (Administer, Create only these two if I remember correctly) are not dependent on "Browse".
I've also found that I can create a link to a ticket which I'm not allowed to browse. (If I can browse ABC-123, and I can't browse DEF-999, I can still create a link from ABC-123 to DEF-999 if the "Link Issues" permission has been granted to "Anyone" in DEF.)
Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG