Issue level permissions problem

Owned by Jack (Hunter) Jaroczynski (Unlicensed)
Last updated: Apr 10, 2017
3 min read

JIRA allows to set permissions on a project level basis as explained in JIRA documentation.

Nevertheless it is possible to configure JIRA permissions on an issue level basis so users get different permissions for different issues in the same project. 

Hide Time Tracking add-on might not work correctly when issue level permissions are used.

Issue level permissions

Issue level permission can be achieved through "dynamic user" fields which values can differ on an issue basis (e.g. "Assignee" or "Group Custom Field"). 

Screenshot below presents WORK ON ISSUES permission configured on an issue level basis:

Hide Time Tracking add-on 

Hide Time Tracking add-on checks project level permissions and, in most cases, is not aware of the single issue environment, i.e. permission depending on the Assignee or Group custom field.
Therefore it is not recommend to use issue level permissions because Hide Time Tracking add-on might not hide time tracking information correctly. 

Issue level permissions are correctly recognised only on a full page single Issue View (it does not include Agile boards Issue Details view or Issue Search/Navigator).

In other places, Hide Time Tracking add-on does not have enough information so it must rely on a project level permissions.

There is an open request on our backlog to solve that problem but due to technical obstacles it is not possible to hide time tracking correctly if issue level permissions are used within project.

For more information about the problem, including examples/scenarios of the issue level permissions, please visit the aforementioned JIRA issue at https://gebsun.atlassian.net/browse/HTT-23

Checking permissions

Project and issue level permissions can be easily retrieved through JIRA REST API. 

In the below example we use curl command in terminal (command line) to send https requests to JIRA.

Sending request to JIRA

Following commands can be used to determine project and issue permissions for a user (please replace userpasswordjira-url, DEMO and DEMO-1 with your JIRA data):

Find project permissions
curl -u user:password -X GET -H "Content-Type: application/json" https://jira-url/rest/api/2/mypermissions?projectKey=DEMO
Find issue permissions
curl -u user:password -X GET -H "Content-Type: application/json" https://jira-url/rest/api/2/mypermissions?issueKey=DEMO-1

Getting the output

The output returned by the above commands is in JSON format and might contain different permissions for a project and an issue inside this project:

Project permission - "true"
"WORK_ON_ISSUES": 
{
            "description": "Ability to log work done against an issue. Only useful if Time Tracking is turned on.",
            "havePermission": true,
            "id": "20",
            "key": "WORK_ON_ISSUES",
            "name": "Work On Issues",
            "type": "PROJECT"
}
Issue permission - "false"
"WORK_ON_ISSUES": {
            "description": "Ability to log work done against an issue. Only useful if Time Tracking is turned on.",
            "havePermission": false,
            "id": "320",
            "key": "WORK_ON_ISSUES",
            "name": "Work On Issues",
            "type": "PROJECT"
}

Please notice "havePermission": true for project versus "havePermission": false for issue in the above output.