Uploaded image for project: 'Jira Software Server and Data Center'
  1. Jira Software Server and Data Center
  2. JSWSERVER-13986

Epic Link field allows selection of unlinkable Epics without warning/error

    XMLWordPrintable

Details

    • 300
    • 6
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Atlassian Update - 26 Jan 2021

      Hi everyone,

      Starting from version 8.16.0, Jira will display an inline error message next to the "Epic Link" field if a user tries to use an Epic that they don't have edit permissions to.

      Regards,
      Daniel Rauf
      Software Engineer, Jira Data Center

      OVERVIEW

      The "Epic Link" field on screens (e.g. during issue creation or editing) shows all Epics in projects for which the user has the "Browse Projects" permission. However, in order to actually create the link the user needs the "Edit Issues" permission for both the Epic and the issue being created/edited (note: not the "Link Issues" permission). If the user attempts to create/edit an issue and link to an Epic that the user does not have permission to link to (i.e. in another project with different permissions), no error or warning is given on saving the changes and the resulting Epic Link field is left blank.

      STEPS TO REPRODUCE

      1. Create two projects PROJA and PROJB.
      2. Create an epic in PROJA.
      3. Create a user and grant them only the "Browse Projects" permission for PROJA, and all permissions for PROJB.
      4. Log in as the above user.
      5. Create an issue in PROJB and use the "Epic Link" field to find the epic created in PROJA.
      6. Having created the issue, verify that no warning/error was given to say that the user doesn't have permission to link to the selected epic, and that the Epic Link field has been left empty.

      USE CASE

      We have a large number of teams working on a single JIRA instance across multiple projects. For reasons I won't go into (but can if need be), it is common for work in one project to be linked to an Epic in another. We also want to allow everyone to be able to "view" what is going on across the business in all projects, but want to control who can link to Epics in specific projects. Hence, all users are granted the "Browse Projects" permission, but further permissions are granted on a project by project basis, and users are only able to link to a small fraction of the projects which they can view.

      The problems this bug causes with this use case are:

      1. A large number of Epics (several hundred in our case) are made available to a user even though they can't link to them in reality. Some other recent changes have made finding Epics easier, but it is still frustrating to have so many irrelevant Epics in the field.
      2. If a mistake is made (very easy when many projects have similarly named Epics) and an unlinkable Epic is selected, the lack of warning/error means that this can go unnoticed by users, and can be much harder to rectify in hindsight.

      SUGGESTED FIXES

      My preferred solution would be for the Epic Link field to only show Epics which the user can link to. If there is a reason I can't foresee for wanting to have unlinkable Epics in the screen, then at least providing a warning or preferably an error when the link is attempted would also be helpful, but would in the end only serve to highlight the underlying problem with the Epics shown in the Epic Link field.

      Attachments

        Issue Links

          Activity

            People

              drauf Daniel Rauf
              paul.thomas1 Paul Thomas
              Votes:
              93 Vote for this issue
              Watchers:
              75 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: