As we have seen in one of the previous recipes, the Browse Projects permission controls who can access a project in JIRA. In this recipe, we will set up permissions so that users can only see projects they can create issues in and not the projects they cannot.
Since we will be making direct changes to a JIRA system file, make sure you create backups for any modified files. This recipe will also require a restart of JIRA, so plan this during a time slot that will not affect your users.
To restrict access to projects based on who can or cannot report criterion, you will first need to enable a special permission type:
permission-types.xml
file from the <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes
directory in a text editor.reportercreate
permission type:<!-- Uncomment & use this permission to show only projects where the user has create permission and issues within that where they are the reporter. --> <!-- This permission type should only ever be assigned to the "Browse Projects" permission. --> <!-- Other permissions can use the "reporter" or "create" permission type as appropriate. --> <!-- <type id="reportercreate" enterprise="true"> <class>com.atlassian.jira.security.type.CurrentReporterHasCreatePermission</class> </type> -->
Once the reportercreate
permission type is enabled, there will be a new Reporter tab (which shows only projects with create permissions) while working with permission schemes, as shown in the following screenshot. Projects with permission schemes that use this option for the Browse Projects permission can only be viewed by users who can create issues in them.
The reportercreate
permission type will check whether the current user has permission to create issues in a given project. This is different than the default reporter or the current reporter permission type, which will make the project visible to all users.
Also, take note that this permission should only be applied to the Browse Projects permission. If applied to other permissions, especially the Create Issues permission, it will cause JIRA to go into an infinite loop, and this is the reason why this permission type is disabled by default.
There is also a similar Assignee (show only projects with assignable permission) permission type, which can be enabled in the permission-types.xml
file. Similar to the reporter equivalent, this permission type will check whether users can be assigned issues in the project. Just like the reporter permission type, this should only be applied to the Browse Projects permission:
<!-- Uncomment & use this permission to show only projects where the user has the assignable permission and issues within that where they are the assignee --> <!-- This permission type should only ever be assigned to the "Browse Projects" permission. --> <!-- Other permissions can use the "reporter" or "create" permission type as appropriate. --> <!-- <type id="assigneeassignable" enterprise="true"> <class>com.atlassian.jira.security.type.CurrentAssigneeHasAssignablePermission</class> </type> -->