Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How can I hide the workflow transition/operations from public users?

Ken Nguyen4
Ken Nguyen December 28, 2011

I have a page viewable by public on which there is a jiraissue macro. Since each issue is a link public users can follow this to view the issue in Jira. I was expected that they can only view the issue according to the permission schemes I have set but still the workflow transition is not only visible but the workflow operations such as the Edit button is enabled to them. This is obviously not acceptable.

Could anyone please let me know how to fix this?

Answer
Watch
Like Be the first to like this
1518 views

2 answers

1 accepted

2 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 28, 2011

This is mostly down to permissions.

The first question is "are your users logging in?". If they are, then you need to chop down your permission schemes a bit to remove the abilitues they are getting via their user account (groups, roles, etc)

If not, then you've got "browse = anyone" in your permission scheme, which is fine because it allows anonymous read access, but you've probably used "anyone" in other permissions too - edit is one of them. Remove the "anyone" and cut it all down to logged-in known users.

The workflow transitions are a similar principle, but you need to look in a different place. Open up the workflow(s) and look at the transitions. You'll probably find that they have no *conditions* or they have *conditions* like "allow people with resolve permission". In the first case, you need to add a condition that will prevent non-logged in users from doing it - the most simple way to do that is simply whack in "user is in group jira-users", as that's the "can log in" group, but you might actually want to cut it down to something even more restrictive. In the second case, you could do the same as the first case, but also think about why they're getting those permissions.

View More Comments
Ken Nguyen4
Ken Nguyen December 28, 2011

By public users, I mean those who not logged in. I have only one permission scheme at this moment which is the default one and I have carefully look through all of them to see if any 'Anyone' slipping in but none found. The 'edit' is definitely not Anyone and that explains the 'Edit' button is correctly hidden from public users. However, the 'Edit' button of the workflow transition is enabled and I have learnt that I should set up permission parameters for the workflow steps (in Workflow page like you suggested) but is there any way to fix this instead of going through all the steps in all workflows which are active now and set up each individual parameters?

I have a lot of workflow at this moment and there is no permission parameter has been set and it seems like if no permission set for a step, it will be default as 'Anyone' resulting in the problem I have here. I found tht rather strange thing to be set as default in Jira. Please correct me if I'm wrong.

Many thanks, Nic!

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 28, 2011

No, you need to amend each transition - there's no other way, because there's no meta-permissions on workflows.

Like
Ken Nguyen4
Ken Nguyen December 28, 2011

Then should there be meta-permissions in Jira regarding this? It will save me lots of time. Do you think this could be an improvement for Jira?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 28, 2011

I think an overall "anonymous users can't do anything in this workflow" flag would be useful. But I don't think there's even a request open for any meta-permission type stuff, and I suspect it wouldn't be a simple change. I don't think it'll happen anytime soon.

Like
Robert Mischke
Robert Mischke January 12, 2012

I agree with Nic Brough. The default behavoir is quite unexpected and not well reasoned

Like
Reply
0 votes
Robert Mischke
Robert Mischke January 12, 2012

I agree with Nic Brough. The default behavoir is quite unexpected and not well reasoned.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events