Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why do workflow transitions need permission validators to close an issue

Aspi Engineer
Aspi Engineer January 12, 2015

This is a question regarding permissions and workflow transition validators. I have a user who does NOT have the "Close Issue" permissions, based on the permissions scheme. However he is still able to close issues. There are no validators defined for the transition. If I add an appropriate "Permissions validator" ('User must have CLOSE permission'), then everything works as expected. Is this behavior by design? What is the reasoning behind having to define a 'permissions validator'? One would expect that if you have the CLOSE permission, you can close the issue. If you do not have the permission, you cannot close the issue.

We are using JIRA 6.2.7

Thanks
Aspi

Answer
Watch
Like Be the first to like this
462 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 12, 2015

It's partly historical.  Back in a very old Jira, there were no hooks in the workflow for Conditions or Validators - the "does user have the close permission" was almost hard coded into the workflow, so all you needed to do was add it and not worry about the workflow.

 

The newer system where you explicitly add your own "check permissions" stuff is a lot more flexible, but it does need a nice long list of possible permissions and we, as admins, still can't add new permissions.  JIRA therefore ships with the old "close" permission which isn't actually used except by the conditions - it's not needed, but Admins would need something like it if it were removed, and I'd bet we'd all add it back in as a "custom permission" if Atlassian went that way.

 

(in fact, "permissions validator" was the first attempt to make it more configurable and was deprecated almost straight away - you shouldn't use permissions validators, it's better to use conditions to prevent the user even trying something they shouldn't do)

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events