User in us can create, see issues, user in cn can only create

This seems odd. I received a report from a colleague of mine in Beijing. He can create issues in our JIRA server, which is run here in California, but he is not able to read any issues, even those he created.

I checked the Permission Schemes. We are using only one. I checked the project. I checked which groups he is in. Then I noticed another user. She is in exactly the same groups. She sits across the hall from me, here in CA. She can create issues and see them and has no problems with this.

So, what is there to look at here? Permission Schemes. Projects. Groups. What else is there that can block access?

6 answers

1 accepted

Accepted Answer
0 votes

Permission scheme is the first thing to check, although there's only two important lines for this problem. (Also, just make sure the scheme you are looking at is definitely associated with the project)

Look very carefully at "browse" permission - what *exactly* have you got on that line? Does it say something like "assignee, group X, group Y and role Z". How exactly does your Beijing user match that? Are they in one or more groups? Roles in the project? Etc.

The second line in the permission scheme is "security level". This is tied to the "security scheme" on the project header. Most people don't use this much, so rather than ramble at length here, can you just look at the project settings - if the security scheme is set to "none", it's not this.

It sounds like a security level issue. Your Beijing colleague has Create Issue permission in that project. However the default security level does not contain the group/project role his is in as well as the reporter. So he can create an issue but is not allowed to see it anymore. We fumbled over a similar situation.


Our JIRA says:

You do not currently have any issue security schemes configured.

Excellent, that completely rules out that one, so it must be the permissions.

What, exactly, do you have in the permission scheme for "browse"? (Be interesting to look at "create issue" as well...)

By "Browse", I take it that you mean "Browse Projects". That _is_ the only permission with the word "Browse" in it.

I did not have jira-users associated with the 'Browse Projects' permission. Now I do. And now I think that this will solve our problem. I will check when the Beijing people come on-line.

Yes, sorry, I forget it's "browse projects", I don't even look at the words any more. Familiarity etc :-(

I really do think your user is failing to match something in the browse permissions. Jira-users group should fix it though - by default it is used to mean "can log in", so although it's a bit "sledgehammer to crack a nut", it is an excellent way to test it! If it works, then you know it's definitely your browse-project membership that's causing it.

You could check the project roles. Also verify the userid by looking at the JIRA user's and seeing id the China user may be using another userid.

I see that the Beijing user did create an issue in the project at the time I expected. I think this verifies that he is logging in as the user I expect.

We mostly just use the groups jira-users, jira-developers and testers. The "testers" group is the only one able to do a few things. The jira-developers group can do pretty much anything. The users here in CA and in CN are both in the jira-users group. I added this group to the 'Browse Projects' permission in the scheme. I do not think this will fix the issue.

I am noticing that there is no 'Read Issues' permission listed in the scheme. Is there something that captures the meaning of this permission, something with a different name?

0 votes

"Browse" is the "read issues" permission.

Again, what, exactly, does the line for browse say? List the groups, roles, dynamic roles, and so-on.

By "Browse", I take it that you mean "Browse Projects". That _is_ the only permission with the word "Browse" in it.

I did not have jira-users associated with the 'Browse Projects' permission. Now I do. And now I think that this will solve our problem. I will check when the Beijing people come on-line.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published 30m ago in Sourcetree

Tip from the team: configure your repos for hosting goodness!

Supported Platforms macOS Windows We recently introduced support for additional hosting services such as GitHub Enterprise, GitLab (Cloud, Community Edition, Enterprise Edition), and...

11 views 0 1
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you