[JSWSERVER-24792] Rework the plan/global permission handling

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: (Advanced Roadmaps) Permissions
Labels:
- DC-150
- Plan-Permiss
- affects-server
- jpos_1028
- ril

UIS:
1
Support reference count:
7
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Portfolio Server. Using JIRA Portfolio Cloud? See the corresponding suggestion.

Summary

The current implementation of the permission handling can lead to some confusing scenarios where e.g. plan permissions get bypassed by global permissions.

The interaction of these two permission levels should be redesigned.

Scenario

Create 2 groups - read-only and portfolio-editor.
Grant read-only group with Portfolio Viewer permission in Portfolio global permission.
Grant portfolio-editor group with Portfolio User permission in Portfolio global permission.
Create 2 users - User A and User B.
Put User A in read-only and User B in portfolio-editor.
Create a Portfolio plan.
Configure the plan's permission to give only User B for Viewers.
Login with User A and try to access the plan. It is allowing this user to view it regardless of the plan's permission.
Add portfolio-editor group to plan's permission Editors.
Now, User A will be blocked from accessing the plan.

Expected Behavior

Portfolio should only allow User B to access the plan without the need of setting a group for Editors to enforce the permission.

relates to

JPOSERVER-1785 Allow setting of plan-level permission during Plan creation wizard

Closed

JRACLOUD-89296 Rework the plan/global permission handling

Closed

JPOSERVER-1769 Limit user view of plans

Gathering Interest

links to

Internal ticket

mentioned in: Page Failed to load; Page Loading...

(1 mentioned in)

Marc Dacanay made changes - 15/Jan/2025 4:44 AM

Labels

Original: DC-150 Plan-Permiss affects-server jpos_1028

New: DC-150 Plan-Permiss affects-server jpos_1028 ril

Marc Dacanay made changes - 15/Jan/2025 4:44 AM

Remote Link

New: This issue links to "Internal ticket (Web Link)" [ 979414 ]

SET Analytics Bot made changes - 30/Jan/2024 2:17 AM

UIS

Original: 2

New: 1

SET Analytics Bot made changes - 14/Oct/2023 2:51 AM

UIS

Original: 0

New: 2

Aakrity Tibrewal made changes - 09/Oct/2023 12:21 PM

Component/s		New: (Advanced Roadmaps) Permissions [ 73713 ]
Key	Original: JPOSERVER-1220	New: JSWSERVER-24792
Affects Version/s	Original: 2.1.5 [ 64745 ]
Project	Original: Advanced Roadmaps [ 16510 ]	New: Jira Software Server and Data Center [ 12200 ]

Stasiu made changes - 15/Sep/2023 8:28 AM

Labels

Original: DC-150 affects-server jpos_1028

New: DC-150 Plan-Permiss affects-server jpos_1028

Andrzej Kotas made changes - 04/Aug/2022 9:01 AM

Labels

Original: affects-server jpos_1028

New: DC-150 affects-server jpos_1028

SET Analytics Bot made changes - 13/Feb/2021 1:41 AM

UIS

Original: 62

New: 0

SET Analytics Bot made changes - 01/May/2020 1:20 AM

UIS

Original: 68

New: 62

SET Analytics Bot made changes - 18/Apr/2020 1:33 AM

UIS

Original: 69

New: 68

Assignee:: Unassigned

Reporter:: Martin Sturm (Inactive)

Votes:: 8 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 11/Dec/2015 7:47 AM

Updated:: 15/Jan/2025 4:44 AM

Jira Software Data Center

Details

Description

Summary

Scenario

Expected Behavior

Attachments

Issue Links

Forms

Activity

People

Dates

Backbone Issue Sync