-
Suggestion
-
Resolution: Timed out
-
0
-
4
-
Update 1 March 2024
I believe that the behaviour described in this ticket is in fact expected behaviour (albeit confusing behaviour).
Our docs specify:
When a user is added to a team-managed project, they automatically gain the following permissions:
- Browse project
- View project
- View issues
Therefore I think the Expected Results in this ticket's Description is incorrect and this is not a bug.
That said, I think the functionality is confusing since in company-managed projects the Create issues and Browse Projects project permissions are separate. With this in mind, I am converting this ticket from a Bug to a Suggestion.
Original Description
Issue Summary
Currently, in the Team Managed project, the custom role created by the admin doesn't obey the granted permission.
That can happen with any permission: e.g. Add comment, create issue, etc.
Steps to Reproduce
- In the Private Team Managed project create a new custom role to only grant create issue
- Assign the role to a user
Expected Results
User to only create new issues and won't be able to view other issues
Actual Results
Users can view other issues although they have not been granted the permission
Workaround
No workaround in the Team Managed project
To use Company managed project
UPDATE: using security levels on the issues will block users' access:
- is duplicated by
-
JRACLOUD-78961 Team-managed projects - The project permission "Create issue" is allowing users to edit the project issues.
-
- Closed
-
- is related to
-
- Closed
- relates to
-
-
- Closed
-