Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Groups
Explore all groups
Community resources

Why do workflow transitions need permission validators to close an issue

Aspi Engineer
Aspi Engineer Jan 12, 2015

This is a question regarding permissions and workflow transition validators. I have a user who does NOT have the "Close Issue" permissions, based on the permissions scheme. However he is still able to close issues. There are no validators defined for the transition. If I add an appropriate "Permissions validator" ('User must have CLOSE permission'), then everything works as expected. Is this behavior by design? What is the reasoning behind having to define a 'permissions validator'? One would expect that if you have the CLOSE permission, you can close the issue. If you do not have the permission, you cannot close the issue.

We are using JIRA 6.2.7

Thanks
Aspi

Answer
Watch
Like Be the first to like this

1 answer

This widget could not be displayed.
Nic Brough [Adaptavist]
Nic Brough [Adaptavist] Community Champion Jan 12, 2015

It's partly historical.  Back in a very old Jira, there were no hooks in the workflow for Conditions or Validators - the "does user have the close permission" was almost hard coded into the workflow, so all you needed to do was add it and not worry about the workflow.

 

The newer system where you explicitly add your own "check permissions" stuff is a lot more flexible, but it does need a nice long list of possible permissions and we, as admins, still can't add new permissions.  JIRA therefore ships with the old "close" permission which isn't actually used except by the conditions - it's not needed, but Admins would need something like it if it were removed, and I'd bet we'd all add it back in as a "custom permission" if Atlassian went that way.

 

(in fact, "permissions validator" was the first attempt to make it more configurable and was deprecated almost straight away - you shouldn't use permissions validators, it's better to use conditions to prevent the user even trying something they shouldn't do)

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Rayen Magpantay
Rayen Magpantay
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

225 views 3 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you