[AUTO-401] Team Managed Projects: When an issue on Next-Gen (TMP) has group restrictions, automation fails to execute for lacking permissions for the Actor

Type: Bug
Resolution: Unresolved
Priority: Medium
Component/s: Site - Security & Permissions
Labels:

Symptom Severity:
Minor
UIS:
0

Issue Summary

When the user changes restriction roles to any ticket, automation fails to trigger transition rules. due missing permissions from actor (addon_com.codebarrel.addons.automation

addon_com.codebarrel.addons.automation user is not able to read issues that are restricted to other roles where this user is not assigned (by default is assigned to atlassian-addons-project-access role), you cannot add roles to this user, because security groups or the user itself is not assignable.

Steps to Reproduce

Create an automation rule that is triggered in any transition.
Create an issue.
Change restrictions to the Administrator role only.
Transition this issue.
Automation rule must fail due to a lack of permissions on Actor.

Expected Results

Rule Execution

Actual Results

Actor does not have permission to view one or more issues, or the issue was deleted (please check permissions and issue security levels):
Comment (id:10134) for issue NGS-1 (id:10163)

Workaround

Change the rule actor to a user that has permission.

is related to

AUTO-442 Automation Rule fails with permission error in Team-managed project for Issue Types with Restriction applied

Closed

relates to

JRACLOUD-83386 Projects migrated from External tools to Jira Team-Managed project using import to Jira function fails to create automation rule with actor Automation for Jira

Gathering Impact

mentioned in: Page Failed to load

mentions: PSCLOUD-50771 You do not have permission to view this issue

Jeroen van Winden added a comment - 24/Jan/2025 11:01 AM - edited

Regarding the workaround: the only option is to set another JIRA user as the actor. Although this fixes the permissions issue, this can cause confusion as the automation actions will appear as if it was a manual action from a user. For example: "User A has transitioned this issue from in progress to done".

A second workaround for that is to invite a dedicated new user to the organisation, call it 'Jira automation' and assign that as the Actor. So at least it will be clear it was an automation rule. This will however cost a dedicated Jira seat, so a fix from Jira is still very much desired (or a free Jira seat )

Jeroen van Winden added a comment - 24/Jan/2025 11:01 AM - edited Regarding the workaround: the only option is to set another JIRA user as the actor. Although this fixes the permissions issue, this can cause confusion as the automation actions will appear as if it was a manual action from a user. For example: "User A has transitioned this issue from in progress to done ". A second workaround for that is to invite a dedicated new user to the organisation, call it 'Jira automation' and assign that as the Actor. So at least it will be clear it was an automation rule. This will however cost a dedicated Jira seat, so a fix from Jira is still very much desired (or a free Jira seat )

Charlie Gavey made changes - 17/Oct/2024 11:22 PM

Labels

Original: Automation_Move_JSW jsw-s13

New: Automation_Move_JSW jsw-s13 tmp

Gabi Paludo made changes - 10/Oct/2024 5:52 PM

Link

New: This issue is related to ~~AUTO-442~~ [ ~~AUTO-442~~ ]

Gabi Paludo made changes - 10/Oct/2024 5:51 PM

Link

New: This issue relates to JRACLOUD-83220 [ JRACLOUD-83220 ]

Gabi Paludo made changes - 10/Oct/2024 5:14 PM

Link

New: This issue relates to JRACLOUD-83386 [ JRACLOUD-83386 ]

Ignacio Pulgar added a comment - 31/Jul/2023 11:34 AM

A similar issue may occur in company-managed projects which workflow contained status properties which restricted permissions.

Maybe an Automation Rule could be set to ignore status properties?

Ignacio Pulgar added a comment - 31/Jul/2023 11:34 AM A similar issue may occur in company-managed projects which workflow contained status properties which restricted permissions. Maybe an Automation Rule could be set to ignore status properties?

Tomasz Kanafa made changes - 30/Jun/2023 9:19 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 782349 ]

Vipul Reddy made changes - 29/Jun/2023 3:49 AM

Labels

Original: Automation_Move_JSW

New: Automation_Move_JSW jsw-s13

Anusha Rutnam made changes - 22/Feb/2023 3:46 AM

Component/s	Original: Automation [ 68402 ]
Component/s		New: Site - Security & Permissiions [ 70318 ]
Key	Original: JSWCLOUD-22535	New: AUTO-401
Support reference count	Original: 9
Project	Original: Jira Software Cloud [ 18511 ]	New: Automation for Cloud [ 22610 ]

Charlie Gavey made changes - 06/Oct/2022 10:13 PM

Summary

Original: When an issue on Next-Gen (TMP) has group restrictions, automation fails to execute for lacking permissions for the Actor

New: Team Managed Projects: When an issue on Next-Gen (TMP) has group restrictions, automation fails to execute for lacking permissions for the Actor

Assignee:: Unassigned

Reporter:: Cesar Arzate (Inactive)

Affected customers:: 15 This affects my team

Watchers:: 30 Start watching this issue

Created:: 07/Aug/2020 2:11 PM

Updated:: 26/Mar/2025 1:54 PM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: Jeroen van Winden added a comment - 24/Jan/2025 11:01 AM, Edited by Jeroen van Winden - 24/Jan/2025 11:08 AM

Expand comment: Jeroen van Winden added a comment - 24/Jan/2025 11:01 AM, Edited by Jeroen van Winden - 24/Jan/2025 11:08 AM

Collapse comment: Ignacio Pulgar added a comment - 31/Jul/2023 11:34 AM

Expand comment: Ignacio Pulgar added a comment - 31/Jul/2023 11:34 AM

People

Dates