Jira Service Management Data Center / JSDSERVER-15363

Users without Assets Administrator role are unable to edit an email action within an object schema automation rule


      Issue Summary

      Users with proper access to an Assets Object Schema may get a popup error when trying to edit an email action within an Assets automation rule.

      Loading the Jira recipients fails, which may lead to loss of configuration details.

      The problem doesn't affect users with the global Assets Administrator role.

      Steps to Reproduce

      1. Install a vanilla instance of Jira Service Management (JSM) Data Center (DC).
        • This was validated on JSM DC versions 5.4.21, 5.12.8 and 5.16.0
      2. Authenticate as a Jira system administrator.
      3. Create a regular user with JSM application access.
      4. Create an empty Assets Object Schema.
      5. Go to the Object Schema roles configuration and add the regular user as Object Schema Manager.
      6. Within the Object Schema configuration, go to Automation and create a new rule.
      7. Configure the new rule as follows.
        • WHEN – Trigger: Attachment added.
          • The selected trigger is not relevant to the bug recreation.
        • IF – leave it empty.
        • THEN – Action: email notification.
          • Add both the Jira administrator and the regular user as the Jira recipients.
          • Add a sample subject and message, and save the action.
          • At the end the action configuration may look like the below.
      8. Give a name to the automation rule and save it.
      9. Authenticate to Jira as the regular user.
      10. Access the configuration of the test Assets Object Schema.
      11. Go to the Automation tab and edit the test rule.
      12. Click on the THEN box and select Edit within the email notification action.

      Expected Results

      The email notification action configuration loads properly without any error on the UI.
      All the components of the action configuration are loaded without any loss of details.

      Actual Results

      Loading the email notification action configuration fails with an error similar to the below.

      Sorry, you do not have permission to perform this action. PermissionInsightException: User JIRAUSERXXXXX didn't have correct permission (admin).
      

      The Jira Recipients configuration is missing its value, giving the user the perception there weren't any recipients configured for this action.
      Changing the action is allowed, meaning previous configuration may be lost.

      Looking at the browser developer tools, the below request is causing the problem.

      GET <Jira-Base-URL>/rest/insight/1.0/user/keys?userkeys=admin&userkeys=JIRAUSER10700&atl_token=FULI-8YV7-7DYJ-7DQJ_dfc7acfc614732ef863b86a6d5ba14eb5987f5e6_lin&_=1718122919166
      


      Only users with the Assets Administrator role are allowed to run this REST API request.
      For regular users it throws an HTTP 403 status with the following response:

      {
          "errorMessages": ["Sorry, you do not have permission to perform this action. PermissionInsightException: User JIRAUSERXXXXX didn't have correct permission (admin)."],
          "errors": {}
      }
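
To see which users are hitting this denial, the web access log can be scanned for 403 responses on the endpoint shown above. This is an added example, not code from the ticket or from Atlassian; the log line layout, the `affected_users` helper and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Endpoint from the ticket; per the report only Assets Administrators may call it.
ENDPOINT = "/rest/insight/1.0/user/keys"

# Assumed access-log layout (adjust the pattern to your own log format):
#   <ip> <request-id> <user> [<timestamp>] "<method> <uri> <proto>" <status> ...
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})\b'
)

def affected_users(lines):
    """Count HTTP 403 responses on the user-keys endpoint, per user."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        # Drop the query string; endswith() tolerates a context path such as /jira.
        path = m.group("uri").split("?", 1)[0]
        if (m.group("method") == "GET"
                and path.endswith(ENDPOINT)
                and m.group("status") == "403"):
            hits[m.group("user")] += 1
    return hits

# Constructed sample lines (not taken from a real instance).
SAMPLE = [
    '10.0.0.5 601x11x1 admin [11/Jun/2024:16:21:59 +0000] '
    '"GET /rest/insight/1.0/user/keys?userkeys=admin&userkeys=JIRAUSER10700 HTTP/1.1" 200 212',
    '10.0.0.7 602x12x1 jdoe [11/Jun/2024:16:22:40 +0000] '
    '"GET /jira/rest/insight/1.0/user/keys?userkeys=admin HTTP/1.1" 403 158',
    '10.0.0.7 603x13x1 jdoe [11/Jun/2024:16:23:02 +0000] '
    '"GET /rest/insight/1.0/user/keys?userkeys=admin HTTP/1.1" 403 158',
    '10.0.0.9 604x14x1 asmith [11/Jun/2024:16:24:10 +0000] '
    '"GET /rest/insight/1.0/objectschema/list HTTP/1.1" 403 90',
    'not an access log line',
]

if __name__ == "__main__":
    for user, count in affected_users(SAMPLE).items():
        print(f"{user}: {count} denied user-keys lookups")
```

Users reported here are candidates for the workaround below until the permission check is fixed.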
      

      Workaround

      Temporarily assign the user to the Assets Administrator role.


              Unassigned Unassigned
              tmasutti Thiago Masutti (Inactive)