Is it possible to assign the 'Browse User' global permission to a project role?

If this was a user story it'd look something like this:

As an Project Administrator I want to be able to Browse Users so that I add them project roles without needing to know their JIRA username.

I think that makes sense? Based on the roles available under a project (we're moving away from the groups schema) I want to allow the users in the Administrator role to be able to add other users to the various project roles. They want to do this as well but they want the "hint" to appear - you start typing in someones name and they list of possible users is displayed, gradually reducing as you type in more.

At the moment I've had to make this permissiona available to 'Anyone' but I was wondering if I could do what I wanted and restrict it to a project role?

2 answers

1 accepted

0 votes
Answer accepted

Seems like I'm largely on the right track then - what I'm working towards is a system when I'll have super groups for PM and QA, which will have the global permission for Browsing Users, whilst developers will not be able to do this (because, with the way we work, they wil never have a need to do anything that utilises that functionlaity).

I guess in this example it isn't as relevant because Browse User isn't really a permission that can cause any problems, but with the other global permissions I'm sure you can see scenarios where you might want to make it available to product managers and jira admins only. But in this case, you might want that permission to be limited to that specific project.

I *think* I might have solved that with my super group idea where members of the group has the permission, but the group isn't assigned to any project roles, so they get the permission without having access to every project (because the relevant product manager would be given the administrator role on their project et).

As for the last part of my earlier response, ignore it, I was thinking out loud.

Thanks for the prompt responses - it's good to riff off other people who understand what you're trying to achieve :)

Yes, that sounds right to me. You don't want developers to be able to see the list of users, but there's a small batch of people (in a couple of groups) who can.

0 votes

No, the permission is a global one, so it can only be done by group/anyone at the moment.

I don't think it could be made to work with roles either - I can see what you're getting at inside projects, but what about all the places you can enter a user outside a project? How do you know what role a user is in when you don't have a project context?

Example - go into search. Ignore the project selection and go to assignee - given that person X can see users in projects A and B, but not C because he's in an admin role for A nd B, then what do you offer? How complex could that get?

Hi Nic,

Thanks for your answer - I see what you're getting at as well with regard to user searching etc. When you're looking for an assingee for example, that's from the group/users who have access to the project right? Where as the user search for giving specific users permissions is completely different, isn't it?

I might have misunderstood your point - users roles outside of projects really only have a context if you put them in a group? Currently we have Dev, PM and QA groups for each project, and with about 30 projects this isn't working out well at all, it definitely is a nightmare to administer.

So I'm trialling the whole "roles" concept at the moment, to make the scrums teams self managing in JIRA as they are in other aspects of the project, which again is why I want them to be able to search for users - I've achieved this by allowing "anyone" to have the browse user permission, which seems fine as it isn't that dangerous.

You example raises other questions - if the person the bug needs to be assigned to isn't available because they are in another project, you move the bug to that project and set yourself as a watcher so you can keep in touch with the bug to see what progress is being made. Would you agree?

Yes, that's right. The "search/browse user" stuff is totally separate from the "I can do stuff in a project". The project has options around "name a user here",and if Jira thinks someone can use those options, then it goes "hmm, does the current user have the rights to look through the list of users" completely independently of the project permissions.

I don't think you've misunderstood me at all. Roles belong to projects. Groups are global. To use a role to give rights to a user, you need to know which project you're in (because user A might be in role 1 for project X, but not in project Y). A lot of Jira is used outside a project, so you can't use roles for it.

Your requirement does make sense to me, but I can see it a) creating "how come I can get a user list in A but not B" questions from your users, b) generating questions about how you'd implement it when you don't have a project context and c) being rather complicated to code into Jira

And yes, I do exactly what you've done - simply let everyone see the full user list.

The last question about moving issues is not really relevant though. You can do exactly what you've described without even looking at the "can browse list of users" question. I'm not quite sure what you're asking there?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in United States

From Atlassian: Confluence Security Advisory - 2019-03-20

Atlassian released a security advisory on 3/20/2019.  The full advisory is here: In a nutshe...

22 views 0 1
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you