As we have seen in one of the previous recipes, the Browse Projects permission controls who can access a project in JIRA. In this recipe, we will set up permissions so that users can only see projects they can create issues in and not the projects they cannot.
Since we will be making direct changes to a JIRA system file, make sure you create backups for any modified files. This recipe will also require a restart of JIRA, so plan this during a time slot that will not affect your users.
To restrict access to projects based on who can or cannot report criterion, you will first need to enable a special permission type:
- Open the
permission-types.xmlfile from the<JIRA_INSTALL>/atlassian-jira/WEB-INF/classesdirectory in a text editor. - Locate the following lines and uncomment the
reportercreatepermission type:<!-- Uncomment & use this permission to show only projects where the user has create permission and issues within that where they are the reporter. --> <!-- This permission type should only ever be assigned to the "Browse Projects" permission. --> <!-- Other permissions can use the "reporter" or "create" permission type as appropriate. --> <!-- <type id="reportercreate" enterprise="true"> <class>com.atlassian.jira.security.type.CurrentReporterHasCreatePermission</class> </type> -->
- Restart JIRA for the changes to apply.
Once the reportercreate permission type is enabled, there will be a new Reporter tab (which shows only projects with create permissions) while working with permission schemes, as shown in the following screenshot. Projects with permission schemes that use this option for the Browse Projects permission can only be viewed by users who can create issues in them.
The reportercreate permission type will check whether the current user has permission to create issues in a given project. This is different than the default reporter or the current reporter permission type, which will make the project visible to all users.
Also, take note that this permission should only be applied to the Browse Projects permission. If applied to other permissions, especially the Create Issues permission, it will cause JIRA to go into an infinite loop, and this is the reason why this permission type is disabled by default.
There is also a similar Assignee (show only projects with assignable permission) permission type, which can be enabled in the permission-types.xml file. Similar to the reporter equivalent, this permission type will check whether users can be assigned issues in the project. Just like the reporter permission type, this should only be applied to the Browse Projects permission:
<!-- Uncomment & use this permission to show only projects where the user has the assignable permission and issues within that where they are the assignee --> <!-- This permission type should only ever be assigned to the "Browse Projects" permission. --> <!-- Other permissions can use the "reporter" or "create" permission type as appropriate. --> <!-- <type id="assigneeassignable" enterprise="true"> <class>com.atlassian.jira.security.type.CurrentAssigneeHasAssignablePermission</class> </type> -->