Permission conflict. Probably a bug.

raoptimus July 4, 2013

Why can users who are not related to the project see this project on the browse projects page? There is no logical sense in it.

I tried to work it out with the Reporter Rule (show only projects with create permission).
https://confluence.atlassian.com/display/JIRA/Current+Reporter+Browse+Project+Permission

But the Current Assignee Rule and the Reporter Rule (show only projects with create permission) are conflicting.

How can this problem be solved?

I need a few assignees to see only tasks created for them and, at the same time, to see only the projects in which they are involved on the browse projects page.

That is quite sensible.

Thank you in advance.

5 answers

1 accepted

0 votes
Answer accepted
raoptimus July 15, 2013

I solved this problem.

In DefaultIssueSecurityScheme / Edit Issue Security Levels

  1. Add "Default" Level with rule Reporter (show only projects with create permission) (Anyone) and Current Assignee.
  2. Apply as Default for the project DefaultIssueSecurityScheme and associate all issues

Thanks all

ps: all very confusing and not logical

1 vote
C_ Faysal
Rising Star
July 14, 2013

Hi Eugeniy

still trying to understand the goal you're aiming at.

> ok. How can I make some users only see tasks that were created by them without Current Assignee rule?
>
> help me

this is simple.

use issue level security to get this. add reporter and a role of project users that should see this as well. i.e. developers.

i built something similar on a Support Project.

Permission Scheme says "Browse Project" = jira-users

Issue Level Security

  • Reporter & Support (default) & not editable by reporter (Permission Scheme: deny set issue security for non admin users )
  1. add Reporter
  2. add Role (i.e. Supporter)
  3. add Current Assignee

for more info read https://confluence.atlassian.com/display/JIRA/Configuring+Issue-level+Security

hope this helps proceeding

this is not a bug. you may have misunderstood the complex configuration options

cheers

C_ Faysal
Rising Star
July 14, 2013

once you apply your new issue level scheme to your project these settings will take effect.

only the reporter, the current assignee or in that case users that are in Supporters role can view the issue.

still every active jira user (group jira-user) can browse the project. but as the issues now hold a security level "this your solution is" (like yoda would say)

raoptimus July 15, 2013

heh.

example:

  1. create user "test"
  2. add user "test" to group "jira-users" (only for auth)
  3. create project "Project_1" with empty roles (no groups or users)
  4. create project "Project_2" with empty roles (no groups or users)
  5. create role "Supporter" for projects
  6. add user "test" to role "Supporter" for project "Project_1" (only)
    PS: project "Project_2" still has empty roles
  7. See DefaultPermissionScheme. Add permission "Current Assignee" to rule "Browse Projects"
  8. Login as user "test". See Browse Projects on /secure/BrowseProjects.jspa#all
    What is there? Project_1 (true) and Project_2 (false, why?)

ps: issue can not be created for assignee "test" to project "project_2" (true).
why does user "test" see "Project_2" in the list of projects (Browse Projects)?

example 2:

  1. ...
  2. ...
  3. ...
  4. ...
  5. ...
  6. ...
  7. Add permission "Current Assignee" to rule "Browse Projects".
    Add permission "Reporter (show only projects with create permission)" to rule "Browse Projects".
    PS: Rule "Create Issues" has no role "Supporter". User "test" can't create issue
  8. Login as user "test". See Browse Projects on /secure/BrowseProjects.jspa#all
    What is there? Project_1 (true) and Project_2 (false, why?)
C_ Faysal
Rising Star
July 15, 2013

try this:

add new group "testgroup1" and make user test a member.

open permission scheme.

remove "current assignee" from "Browse Project" and add "Role: User" (not Group) instead.

"Create Issues" should have "group: jira-users" or "role : users"

now go to your project administration for Project_1 and open Roles:

add group "testgroup1" to the Users role.

make sure project_2 roles administration doesn't have "testgroup1" listed

try again and let me know

C_ Faysal
Rising Star
July 15, 2013

hmmm i think it is pretty much logical (no offense)

sorry for all the misunderstanding right here...but sometimes asking a good question is much harder than finding a relevant answer isn't it?

glad we could help anyway. enjoy your jira

0 votes
raoptimus July 8, 2013

ok. How can I make some users only see tasks that were created by them without Current Assignee rule?

help me

raoptimus July 14, 2013

the solution not found

0 votes
raoptimus July 4, 2013

on page /secure/BrowseProjects.jspa#all

0 votes
Nic Brough -Adaptavist-
Community Leader
July 4, 2013

What do you mean by "conflicting"? And what does your "browse" permission say for the projects?

If you have set up your project so that "Browse" is

  • Reporter (show only projects with create permission)
  • Assignee

Then I'd expect everyone to be able to see the project, but only the issues that they have reported, or are currently assigned to. Is that what you are getting? It is correct - users must be able to see the project if they can use it in any way, even if they have not yet reported or been assigned anything in it.

raoptimus July 4, 2013

Reporter (show only projects with create permission) doesn't work with Current Assignee. The user is not related to any project role. And is not related to a group that could be referred to a project role.

He is not related to the project, but at the same time he can see it in Browse projects.

Why is it so?

The Current Assignee Rule should give a possibility to see someone's tasks in the project, if this user is added to some project role.

but in practice the user can see all the projects in Browse projects because of the Current Assignee Rule.

Is this logically right? The user hasn't any role in the project, but he can see it in Browse projects.

Nic Brough -Adaptavist-
Community Leader
July 4, 2013

> Reporter (show only projects with create permission) doesn't work with Current Assignee

I'm afraid I don't understand what you mean. Those are two separate options for the rule "does this person have this permission". They don't have anything to do with each other, apart from being on the same list of options when you say "grant permission X to <option>". They don't work together, they're simply options on a list.

Skipping over that though, you then say "he is not related to the project, but can see it in browse projects"

That is absolutely correct for the "reporter" permission. The reasoning is simple - if the user can CREATE issues in the project, then they need to be able to see the project. Not all the issues in it - they won't see any other issues, only the ones they create, but they need to be able to see the project to use it.

It doesn't matter about the user's roles, groups or anything else. You're granting them the right to see issues in a project via the reporter permission, so they can see the project.

raoptimus July 4, 2013

If there is only Current Assignee for Browse Projects, then why can the user see the projects which he is not related to?

Don't take into account (show only projects with create permission). I was compelled to try this rule.

I can't create a task for a non-related to the project user.

So why does the Current Assignee Rule give him a possibility to see ALL the projects?

raoptimus July 4, 2013

"Reporter" permission works correctly, but it doesn't work mutually with Current Assignee permission for Browse Projects

raoptimus July 4, 2013

Problem in Current Assignee permission

Nic Brough -Adaptavist-
Community Leader
July 4, 2013

You are missing the point.

Again. It does not matter if the user is named in the projects. The combination of rights does not matter.

You have granted them the right to create issues and/or the right to be assigned issues by one route or another. Therefore they can see the project because they need the access in order to use those rights.

Nic Brough -Adaptavist-
Community Leader
July 4, 2013

Yes, it does.

Unless someone has made significant modifications to the core of your Jira, the combination of rights is not having any effect.

Try testing them completely separately. You'll find the behaviour is coming entirely from one of them.

raoptimus July 4, 2013

Edit Permissions — Default Permission Scheme

Add "Current Assignee" to Browse Projects

user "test" is not added to any role of the project or group. he can only login to jira

Why can user "test" see ALL the projects????

on page /secure/BrowseProjects.jspa#all

Nic Brough -Adaptavist-
Community Leader
July 4, 2013

Because you've allowed the assignee to see the issues they are assigned to, so they see all the projects using that permission scheme.

raoptimus July 5, 2013

I can not create an issue and assign it to user "test". That is right.

so why does he see the projects on issues that can not work?

you understand. this user does not have projects.

raoptimus July 5, 2013

Why does the rule "Current Assignee" give the ability to view the full list of projects to a user who does not have any project?
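
The behaviour discussed in this thread, as a simplified model added here for illustration (it is not Jira's code and not posted by any participant): issue-dependent grants such as Current Assignee cannot be tested against an issue when the project list is built, so they expose every project that uses the scheme, while a role grant on Browse Projects plus an issue security level gives the restriction the question asks for. The grant strings, function names and the users "alice" and "bob" are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Project:
    key: str
    roles: dict                     # role name -> set of usernames
    browse: list                    # grants on "Browse Projects"
    create: list = field(default_factory=list)  # grants on "Create Issues"
    level: list = field(default_factory=list)   # issue security level members

@dataclass
class Issue:
    project: Project
    reporter: str
    assignee: str

def matches(grant, user, groups, project, issue=None):
    kind, _, name = grant.partition(":")
    if kind == "group":
        return name in groups
    if kind == "role":
        return user in project.roles.get(name, set())
    if issue is not None and kind in ("reporter", "reporter_create_only", "assignee"):
        who = issue.assignee if kind == "assignee" else issue.reporter
        return who == user
    if kind == "reporter_create_only":   # project list: needs Create Issues
        return any(matches(g, user, groups, project) for g in project.create)
    # "reporter"/"assignee" with no issue to test: counts for every user
    return kind in ("reporter", "assignee")

def visible_projects(user, groups, projects):
    # What the user would see on the Browse Projects page in this model.
    return [p.key for p in projects
            if any(matches(g, user, groups, p) for g in p.browse)]

def can_view_issue(user, groups, issue):
    p = issue.project
    def ok(grants):
        return any(matches(g, user, groups, p, issue) for g in grants)
    # Browse permission AND (no security level, or member of the level).
    return ok(p.browse) and (not p.level or ok(p.level))

def thread_projects(browse, level=()):
    # Constructed sample: "test" holds the Supporter role in Project_1 only.
    return [Project("Project_1", {"Supporter": {"test"}}, list(browse), [], list(level)),
            Project("Project_2", {}, list(browse), [], list(level))]
```

Calling `visible_projects("test", {"jira-users"}, thread_projects(["assignee"]))` reproduces the reported symptom; swapping the grant for `"role:Supporter"` and passing `["reporter", "assignee"]` as the security level models the configuration suggested in the answers.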
