Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why do workflow transitions need permission validators to close an issue

Aspi Engineer
Aspi Engineer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 12, 2015

This is a question regarding permissions and workflow transition validators. I have a user who does NOT have the "Close Issue" permissions, based on the permissions scheme. However he is still able to close issues. There are no validators defined for the transition. If I add an appropriate "Permissions validator" ('User must have CLOSE permission'), then everything works as expected. Is this behavior by design? What is the reasoning behind having to define a 'permissions validator'? One would expect that if you have the CLOSE permission, you can close the issue. If you do not have the permission, you cannot close the issue.

We are using JIRA 6.2.7

Thanks
Aspi

Answer
Watch
Like Be the first to like this
516 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 12, 2015

It's partly historical.  Back in a very old Jira, there were no hooks in the workflow for Conditions or Validators - the "does user have the close permission" was almost hard coded into the workflow, so all you needed to do was add it and not worry about the workflow.

 

The newer system where you explicitly add your own "check permissions" stuff is a lot more flexible, but it does need a nice long list of possible permissions and we, as admins, still can't add new permissions.  JIRA therefore ships with the old "close" permission which isn't actually used except by the conditions - it's not needed, but Admins would need something like it if it were removed, and I'd bet we'd all add it back in as a "custom permission" if Atlassian went that way.

 

(in fact, "permissions validator" was the first attempt to make it more configurable and was deprecated almost straight away - you shouldn't use permissions validators, it's better to use conditions to prevent the user even trying something they shouldn't do)

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security