  1. Jira Server and Data Center
  2. JRASERVER-20524

Permission to edit project role membership


Details

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Hi,

      When JIRA (3.13.5-#360) was put into production at Gazprombank, the requirement of JIRA administrators and information security administrators was that Project Administrators should not be able to change project role membership.

      According to the approach used at Gazprombank, any changes to user rights and permissions (in the case of JIRA, project role membership) are performed only by administrators who act according to applications confirmed by information security administrators.

      So we were forced to customize JIRA functionality in this part.

      Namely, we replaced DefaultProjectRoleService.class (\atlassian-jira\WEB-INF\classes\com\atlassian\jira\bc\projectroles) with a changed class (the modifications include calls to the hasAdminPermission(currentUser) function):

      1) method removeActorsFromProjectRole

      if (hasProjectRolePermission(currentUser, project) && hasAdminPermission(currentUser))

      2) method updateActorsToProjectRole

      if (!internalError && hasProjectRolePermission(currentUser, projectRoleProject) && hasAdminPermission(currentUser) && actors.size() > 0)
      ...
      else if (!hasProjectRolePermission(currentUser, projectRoleProject) || !hasAdminPermission(currentUser))

      We needed a quick way to do that so we acted like this (sorry!).

      However, our suggestion for future versions of JIRA is to divide Administer Projects permission into two separate permissions:

      1) Administer Projects (ability to edit project components, project versions, and some project details ('Project Name', 'URL', 'Project Lead', 'Project Description'));

      2) Administer Project Role Membership (to edit project role membership).

      Please consider implementing this suggestion in JIRA.

      Regards,
      Roman Volynets
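
The proposed split, modelled as an added example (not code from the original report and not Jira's own code): project details and role membership are guarded by two independent permissions, so a project administrator can no longer change who holds a role. The class, enum values, method names and sample users are hypothetical, and no Jira API is used.

```java
import java.util.*;

// Self-contained model of the suggested permission split. All names are hypothetical.
public class SplitPermissionDemo {
    enum Permission { ADMINISTER_PROJECTS, ADMINISTER_PROJECT_ROLE_MEMBERSHIP }

    // user -> permissions held in one project (constructed sample data, filled in main)
    static final Map<String, Set<Permission>> GRANTS = new HashMap<>();
    // role -> members of that role in the same project
    static final Map<String, Set<String>> ROLE_MEMBERS = new HashMap<>();
    static String projectName = "Old name";

    // Deny by default: a user with no entry holds no permissions.
    static boolean has(String user, Permission p) {
        return GRANTS.getOrDefault(user, Collections.emptySet()).contains(p);
    }

    // Project details stay under the narrowed Administer Projects permission.
    static boolean renameProject(String user, String newName) {
        if (!has(user, Permission.ADMINISTER_PROJECTS)) return false;
        projectName = newName;
        return true;
    }

    // Membership changes are checked against the separate permission only.
    static boolean addActorToRole(String user, String role, String actor) {
        if (!has(user, Permission.ADMINISTER_PROJECT_ROLE_MEMBERSHIP)) return false;
        ROLE_MEMBERS.computeIfAbsent(role, r -> new TreeSet<>()).add(actor);
        return true;
    }

    public static void main(String[] args) {
        GRANTS.put("project-lead", EnumSet.of(Permission.ADMINISTER_PROJECTS));
        GRANTS.put("jira-admin", EnumSet.allOf(Permission.class));

        // The project lead may edit project details but not role membership.
        System.out.println("lead renames project:   " + renameProject("project-lead", "Payments"));
        System.out.println("lead adds role member:  " + addActorToRole("project-lead", "Developers", "alice"));
        // An administrator holding the membership permission may change roles.
        System.out.println("admin adds role member: " + addActorToRole("jira-admin", "Developers", "alice"));
        // A user with no grants is refused both operations.
        System.out.println("unknown adds member:    " + addActorToRole("unknown-user", "Developers", "bob"));
        System.out.println("project name: " + projectName + ", roles: " + ROLE_MEMBERS);
    }
}
```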
