Uploaded image for project: 'Automation for Jira Server'
  1. Automation for Jira Server
  2. JIRAAUTOSERVER-1030

No validation happening while trying to publish rule where Actor user has insufficient permissions

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Low Low
    • None
    • 9.0.3, 9.1.1
    • Actions
    • None
    • Severity 3 - Minor

      Issue Summary

      In case the A4J rule contains ScriptRunner's "Execute a ScriptRunner Script" action and Actor user doesn't have sufficient permissions for executing it (require Jira administrators global permission), rule execution will fail. 

      However, such a rule could be successfully saved/published, and at that moment, no validation against the required permission will happen.

      Steps to Reproduce

      1. Create any A4J rule. The rule could have any trigger/action configuration and the only requirement it should include "Execute a ScriptRunner Script" action. It doesn't matter whether the action will run an external script or an inline one.
      2. Set as rule's Actor a user account without Jira administrators global permission.
      3. Publish/save rule.

      Expected Results

      The publishing rule should fail, and an error reported that the Actor user doesn't have sufficient permission to successfully execute the rule.

      Actual Results

      The rule could be saved/published successfully without any error. However, further rule execution will fail due to a lack of required permissions.

      Workaround

      Currently, there is no known workaround for this behaviour. A workaround will be added here when available

            Unassigned Unassigned
            e7e12f16f891 Alexander Artemenko
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: