Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-89296

Rework the plan/global permission handling

XMLWordPrintable

    • 0
    • 2

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Portfolio Cloud. Using JIRA Portfolio Server? See the corresponding suggestion.

      Summary

      The current implementation of the permission handling can lead to some confusing scenarios where e.g. plan permissions get bypassed by global permissions.

      The interaction of these two permission levels should be redesigned.

      Scenario

      1. Create 2 groups - read-only and portfolio-editor.
      2. Grant read-only group with Portfolio Viewer permission in Portfolio global permission.
      3. Grant portfolio-editor group with Portfolio User permission in Portfolio global permission.
      4. Create 2 users - User A and User B.
      5. Put User A in read-only and User B in portfolio-editor.
      6. Create a Portfolio plan.
      7. Configure the plan's permission to give only User B for Viewers.
      8. Login with User A and try to access the plan. It is allowing this user to view it regardless of the plan's permission.
      9. Add portfolio-editor group to plan's permission Editors.
      10. Now, User A will be blocked from accessing the plan.

      Expected Behavior

      Portfolio should only allow User B to access the plan without the need of setting a group for Editors to enforce the permission.

              Unassigned Unassigned
              msturm@atlassian.com Martin Sturm (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: