Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-24792

Rework the plan/global permission handling

XMLWordPrintable

    • 1
    • 7
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Portfolio Server. Using JIRA Portfolio Cloud? See the corresponding suggestion.

      Summary

      The current implementation of the permission handling can lead to some confusing scenarios where e.g. plan permissions get bypassed by global permissions.

      The interaction of these two permission levels should be redesigned.

      Scenario

      1. Create 2 groups - read-only and portfolio-editor.
      2. Grant read-only group with Portfolio Viewer permission in Portfolio global permission.
      3. Grant portfolio-editor group with Portfolio User permission in Portfolio global permission.
      4. Create 2 users - User A and User B.
      5. Put User A in read-only and User B in portfolio-editor.
      6. Create a Portfolio plan.
      7. Configure the plan's permission to give only User B for Viewers.
      8. Login with User A and try to access the plan. It is allowing this user to view it regardless of the plan's permission.
      9. Add portfolio-editor group to plan's permission Editors.
      10. Now, User A will be blocked from accessing the plan.

      Expected Behavior

      Portfolio should only allow User B to access the plan without the need of setting a group for Editors to enforce the permission.

          Form Name

            [JSWSERVER-24792] Rework the plan/global permission handling

            Aakrity Tibrewal added a comment -

            Dear all,
            I would like to inform you that this issue in the project JPOSERVER is being migrated to the new project JSWSERVER. Your votes and comments will remain unchanged.
            Our team at Atlassian will continue to monitor this issue for further updates, so please feel free to share your thoughts or feedback in the comments.
            Sincerely,
            Aakrity Tibrewal
            Jira DC

            Aakrity Tibrewal added a comment - Dear all, I would like to inform you that this issue in the project JPOSERVER is being migrated to the new project JSWSERVER. Your votes and comments will remain unchanged. Our team at Atlassian will continue to monitor this issue for further updates, so please feel free to share your thoughts or feedback in the comments. Sincerely, Aakrity Tibrewal Jira DC

            Nicola Barton added a comment -

            I am also finding permissions difficult to make sense of.

            There are situations where I need users to have the permission levels described in the global portfolio permissions, such as restricted portfolio user, which allows the user to plan but not apply the updates to the projects.

            The only way it appears that a user can have this permission level is if the plan permission level is set to everyone so the the global permissions default kicks in.

            However, I have different plans for different clients. If I set up an 'everyone' plan permission, clients would be able to view eachothers plan, which can never happen.

            Nicola Barton added a comment - I am also finding permissions difficult to make sense of. There are situations where I need users to have the permission levels described in the global portfolio permissions, such as restricted portfolio user, which allows the user to plan but not apply the updates to the projects. The only way it appears that a user can have this permission level is if the plan permission level is set to everyone so the the global permissions default kicks in. However, I have different plans for different clients. If I set up an 'everyone' plan permission, clients would be able to view eachothers plan, which can never happen.

              Unassigned Unassigned
              msturm@atlassian.com Martin Sturm (Inactive)
              Votes:
              8 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: