[JRASERVER-32601] Edit permission should also apply to workflow transitions - Create and track feature requests for Atlassian products.

Type: Suggestion
Resolution: Duplicate
Fix Version/s: None
Component/s: None
Labels:
- affects-cloud
- affects-server

Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.

The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.

A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.

duplicates

JRASERVER-11564 Need a "Transition Issue" permission

Closed

is related to

JRASERVER-21857 Workflow Transition is visible/executable to user if the issue/user has met the condition for the workflow transition in a "Read Only" project

Gathering Impact

relates to

JRACLOUD-32601 Edit permission should also apply to workflow transitions

Closed

JRASERVER-11564 Need a "Transition Issue" permission

Closed

Loading...

Type: Suggestion
Resolution: Duplicate
Fix Version/s: None
Component/s: None
Labels:
- affects-cloud
- affects-server

Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.

The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.

A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.

duplicates

JRASERVER-11564 Need a "Transition Issue" permission

Closed

is related to

JRASERVER-21857 Workflow Transition is visible/executable to user if the issue/user has met the condition for the workflow transition in a "Read Only" project

Gathering Impact

relates to

JRACLOUD-32601 Edit permission should also apply to workflow transitions

Closed

JRASERVER-11564 Need a "Transition Issue" permission

Closed

Assignee:: Unassigned

Reporter:: MattS

Votes:: 9 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 15/Apr/2013 5:26 PM

Updated:: 19/Sep/2019 6:04 AM

Resolved:: 03/Mar/2015 12:25 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

People

Dates