This is a question regarding permissions and workflow transition validators. I have a user who does NOT have the "Close Issue" permissions, based on the permissions scheme. However he is still able to close issues. There are no validators defined for the transition. If I add an appropriate "Permissions validator" ('User must have CLOSE permission'), then everything works as expected. Is this behavior by design? What is the reasoning behind having to define a 'permissions validator'? One would expect that if you have the CLOSE permission, you can close the issue. If you do not have the permission, you cannot close the issue.
We are using JIRA 6.2.7
It's partly historical. Back in a very old Jira, there were no hooks in the workflow for Conditions or Validators - the "does user have the close permission" was almost hard coded into the workflow, so all you needed to do was add it and not worry about the workflow.
The newer system where you explicitly add your own "check permissions" stuff is a lot more flexible, but it does need a nice long list of possible permissions and we, as admins, still can't add new permissions. JIRA therefore ships with the old "close" permission which isn't actually used except by the conditions - it's not needed, but Admins would need something like it if it were removed, and I'd bet we'd all add it back in as a "custom permission" if Atlassian went that way.
(in fact, "permissions validator" was the first attempt to make it more configurable and was deprecated almost straight away - you shouldn't use permissions validators, it's better to use conditions to prevent the user even trying something they shouldn't do)
The Jira Marketing team is putting together an ebook on migrating to Data Center. We're looking for pro tips on how you staffed your project team and organized your Proof of Concept. Share yo...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs