-
Suggestion
-
Resolution: Duplicate
-
None
-
None
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.
The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.
A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.
- duplicates
-
JRASERVER-11564 Need a "Transition Issue" permission
- Closed
- is related to
-
JRASERVER-21857 Workflow Transition is visible/executable to user if the issue/user has met the condition for the workflow transition in a "Read Only" project
-
- Gathering Impact
-
- relates to
-
JRACLOUD-32601 Edit permission should also apply to workflow transitions
- Closed
-
JRASERVER-11564 Need a "Transition Issue" permission
- Closed
Edit permission should also apply to workflow transitions
-
Suggestion
-
Resolution: Duplicate
-
None
-
None
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.
The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.
A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.
- duplicates
-
JRASERVER-11564 Need a "Transition Issue" permission
- Closed
- is related to
-
JRASERVER-21857 Workflow Transition is visible/executable to user if the issue/user has met the condition for the workflow transition in a "Read Only" project
-
- Gathering Impact
-
- relates to
-
JRACLOUD-32601 Edit permission should also apply to workflow transitions
- Closed
-
JRASERVER-11564 Need a "Transition Issue" permission
- Closed