JIRA allows to set permissions on a project level basis as explained in JIRA documentation.
Nevertheless it is possible to configure JIRA permissions on an issue level basis so users get different permissions for different issues in the same project.
Hide Time Tracking add-on might not work correctly when issue level permissions are used.
Issue level permissions
Issue level permission can be achieved through "dynamic user" fields which values can differ on an issue basis (e.g. "Assignee" or "Group Custom Field").
Screenshot below presents WORK ON ISSUES permission configured on an issue level basis:
Hide Time Tracking add-on
Hide Time Tracking add-on checks project level permissions and, in most cases, is not aware of the single issue environment, i.e. permission depending on the Assignee or Group custom field.
Therefore it is not recommend to use issue level permissions because Hide Time Tracking add-on might not hide time tracking information correctly.
Issue level permissions are correctly recognised only on a full page single Issue View (it does not include Agile boards Issue Details view or Issue Search/Navigator).
In other places, Hide Time Tracking add-on does not have enough information so it must rely on a project level permissions.
There is an open request on our backlog to solve that problem but due to technical obstacles it is not possible to hide time tracking correctly if issue level permissions are used within project.
For more information about the problem, including examples/scenarios of the issue level permissions, please visit the aforementioned JIRA issue at https://gebsun.atlassian.net/browse/HTT-23
Checking permissions
Project and issue level permissions can be easily retrieved through JIRA REST API.
In the below example we use curl
command to send https requests to JIRA from the command line (terminal).
Sending request to JIRA
Following commands can be used to determine project and issue permissions for a user (please replace user, password, jira-url, DEMO and DEMO-1 with your JIRA data):
curl -u user:password -X GET -H "Content-Type: application/json" https://jira-url/rest/api/2/mypermissions?projectKey=DEMO
curl -u user:password -X GET -H "Content-Type: application/json" https://jira-url/rest/api/2/mypermissions?issueKey=DEMO-1
Getting the output
The output returned by the above commands is in JSON format and might contain different permissions for a project and an issue inside this project:
"WORK_ON_ISSUES": { "description": "Ability to log work done against an issue. Only useful if Time Tracking is turned on.", "havePermission": true, "id": "20", "key": "WORK_ON_ISSUES", "name": "Work On Issues", "type": "PROJECT" }
"WORK_ON_ISSUES": { "description": "Ability to log work done against an issue. Only useful if Time Tracking is turned on.", "havePermission": false, "id": "20", "key": "WORK_ON_ISSUES", "name": "Work On Issues", "type": "PROJECT" }
Add Comment