Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-80992

No projects are showing for Jira admin

XMLWordPrintable

      Issue Summary

      With Jira admin access, and the global permission Administer Jira I'm not able to see any project if I don't have Browse Projects in any project
      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      1. Create a Jira instance
      2. Create two projects different company management projects
      3. Go to Settings> Permission Scheme
      4. Associate different schemes to each project
      5. Go to scheme 1 and remove the browser project permission
      6. Go to scheme 2 and remove the browser project permission
      7. The project page is now showing the message You currently have no projects
      8. Go to settings> Issues edit scheme 1 and grant browser project back
      9. All two projects are visible now

      Expected Results

      For the Jira admin, all projects should be visible all the time

      Actual Results

      No projects are not showing if the admin doesn't have admin permission for any project

      Workaround

      Grant browser permission to the admins' group for at least one project

        1. screenshot-1.png
          screenshot-1.png
          116 kB

            [JRACLOUD-80992] No projects are showing for Jira admin

            Vlad Kolotoff added a comment -

            See my previous comment

            Vlad Kolotoff added a comment - See my previous comment

            Vlad Kolotoff added a comment -

            Hi 78538e785fe1 , we have been analysed this defect internally (team Everest). I can confirm we could reproduce this defect, this also affects some REST APIs in the same manner (negative response if all permission schemes have no BROWSE_PROJECT permission). 

            However, this appears to be working as expected. This is due to some fundamental system design choices made in the permission domain. See a response from a principal engineer Olli Nevalainen: 

            >>>
            philosophically I think we’ve been going in the direction where instead letting site admins bypass permissions, we give them enough access that they can grant themselves the permissions they need
            <<<

             

            Basically this means that even though system admins may not see all projects, they are able to go to edit permission schemes screen and add themselves to BROWSE_PROJECT permissions.

             

            Also this user case is fairly unrealistic, there won't be any real tenants which has no "BROWSE_PROJECT" permission granted, this is deemed as misconfigured instance.

            Vlad Kolotoff added a comment - Hi 78538e785fe1 , we have been analysed this defect internally (team Everest). I can confirm we could reproduce this defect, this also affects some REST APIs in the same manner (negative response if all permission schemes have no BROWSE_PROJECT permission).  However, this appears to be working as expected. This is due to some fundamental system design choices made in the permission domain. See a response from a principal engineer Olli Nevalainen:  >>> philosophically I think we’ve been going in the direction where instead letting site admins bypass permissions, we give them enough access that they can grant themselves the permissions they need <<<   Basically this means that even though system admins may not see all projects, they are able to go to edit permission schemes screen and add themselves to BROWSE_PROJECT permissions.   Also this user case is fairly unrealistic, there won't be any real tenants which has no "BROWSE_PROJECT" permission granted, this is deemed as misconfigured instance.

              Unassigned Unassigned
              78538e785fe1 Lígia Zanchet
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: