User in us can create, see issues, user in cn can only create

This seems odd. I received a report from a colleague of mine in Beijing. He can create issues in our JIRA server, which is run here in California, but he is not able to read any issues, even those he created.

I checked the Permission Schemes. We are using only one. I checked the project. I checked which groups he is in. Then I noticed another user. She is in exactly the same groups. She sits across the hall from me, here in CA. She can create issues and see them and has no problems with this.

So, what is there to look at here? Permission Schemes. Projects. Groups. What else is there that can block access?

6 answers

1 accepted

This widget could not be displayed.

Permission scheme is the first thing to check, although there's only two important lines for this problem. (Also, just make sure the scheme you are looking at is definitely associated with the project)

Look very carefully at "browse" permission - what *exactly* have you got on that line? Does it say something like "assignee, group X, group Y and role Z". How exactly does your Beijing user match that? Are they in one or more groups? Roles in the project? Etc.

The second line in the permission scheme is "security level". This is tied to the "security scheme" on the project header. Most people don't use this much, so rather than ramble at length here, can you just look at the project settings - if the security scheme is set to "none", it's not this.

It sounds like a security level issue. Your Beijing colleague has Create Issue permission in that project. However the default security level does not contain the group/project role his is in as well as the reporter. So he can create an issue but is not allowed to see it anymore. We fumbled over a similar situation.


Our JIRA says:

You do not currently have any issue security schemes configured.

Excellent, that completely rules out that one, so it must be the permissions.

What, exactly, do you have in the permission scheme for "browse"? (Be interesting to look at "create issue" as well...)

By "Browse", I take it that you mean "Browse Projects". That _is_ the only permission with the word "Browse" in it.

I did not have jira-users associated with the 'Browse Projects' permission. Now I do. And now I think that this will solve our problem. I will check when the Beijing people come on-line.

Yes, sorry, I forget it's "browse projects", I don't even look at the words any more. Familiarity etc :-(

I really do think your user is failing to match something in the browse permissions. Jira-users group should fix it though - by default it is used to mean "can log in", so although it's a bit "sledgehammer to crack a nut", it is an excellent way to test it! If it works, then you know it's definitely your browse-project membership that's causing it.

This widget could not be displayed.

You could check the project roles. Also verify the userid by looking at the JIRA user's and seeing id the China user may be using another userid.

I see that the Beijing user did create an issue in the project at the time I expected. I think this verifies that he is logging in as the user I expect.

This widget could not be displayed.

We mostly just use the groups jira-users, jira-developers and testers. The "testers" group is the only one able to do a few things. The jira-developers group can do pretty much anything. The users here in CA and in CN are both in the jira-users group. I added this group to the 'Browse Projects' permission in the scheme. I do not think this will fix the issue.

I am noticing that there is no 'Read Issues' permission listed in the scheme. Is there something that captures the meaning of this permission, something with a different name?

This widget could not be displayed.

"Browse" is the "read issues" permission.

Again, what, exactly, does the line for browse say? List the groups, roles, dynamic roles, and so-on.

This widget could not be displayed.

By "Browse", I take it that you mean "Browse Projects". That _is_ the only permission with the word "Browse" in it.

I did not have jira-users associated with the 'Browse Projects' permission. Now I do. And now I think that this will solve our problem. I will check when the Beijing people come on-line.

This widget could not be displayed.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Published 10 hours ago in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

39 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you