Hello community!
In the permissions scheme of the project, we need to give the reporter the ability to use attachments in some statuses. In other statuses disable:
The reporter in the project has the role of "developers".
We do the following:
remove all project roles;
In a certain state, we set the properties:
jira.permission.attach.projectrole = 10001 (this is the project's role for developers).
But the reporter still cannot manage the attachments.
Please tell me, how can i set jira.permission.attach.reporter = true in status?
Regards,
Alexander
Hello @Alexander
I'm afraid, it only works the other way around: first of all you need to grant all necessary permissions in the permission scheme and then define via workflow properties who can in fact do what.
In your case, you need to grant the attachment permissions to the developers and then restrict it to the administrators in every status it needs to be restricted.
Hope this article will help you: https://www.j-tricks.com/tutorials/permissions-based-on-workflow-status
Good luck ;-)
Hi @Nadine Schütt 
Hmm, how right disable permissions develepoers on attachements in statused?
But how disable permission attachments reporter in status??
We need the reporter to not invest in a certain status.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Alexander
So, did you try
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
no no no, i tried disabled attachments for reporter, developers in permission scheme.
After this add jira.permission.attach.projectrole = 10001 (this is the project's role for developers) in certain status.
But reporter not can do attachements.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have to admit I'm getting slightly confused so could you please verify your exact requirements again.
I understood that
Is this correct?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes!
But better this way:
It is assumed that the reporter usually does not have the right to make attachments, but
have the permission to create attachments in certain workflow status only
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, but unfortunately the way you want it to be handled it not supported by Jira.
You cannot provide permissions by setting up workflow properties per status but instead, you must add permissions in the permission scheme first and then add workflow properties to restrict them again.
Hence, please try what I have written before and let me know how its works:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
But this is a disabled on the removal attachments.
We need jira.permission.attachcreate.reporter=denied
but this is not works :(
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I see, sorry, got it wrong.
Should be
jira.permission.attach.reporter=denied
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry if this is a stupid question but have you also added the reporter to your permission scheme for Create Attachments? It's not sufficient if the reporter user gets this permissions by being member of the developers group.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Nadine Schütt 
Yes, I added the reporter to my permission scheme for Create Attachments.
Yes, my reporter is in developers project role.
No, i didn't add developers in my permission scheme for Create Attachments.
I add this key jira.permission.attach.reporter=denied but reporter can add attachments.
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Alexander
I have re-read the instructions and apparently, the syntax has changed. Hence, I have tested it myself with the following expression:
jira.permission.attach.denied = reporter
It did work as expected so maybe you want to give that a go?
By the way, sorry for the confusion, I am normally using it the other way around: explicitly adding all the project roles and groups which are allowed to do something rather than just adding the one that is restricted.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If I need to disable attachments for a project role, I need to set:
Jira.permission.attach.denied = (role id of the project) ??
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It should be
jira.permission.attach.denied.projectrole = <id of projectrole>
If it's more than one projectrole, it should be
jira.permission.attach.denied.projectrole.1 = <id of projectrole>
jira.permission.attach.denied.projectrole.2 = <id of projectrole>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have one problem.
If we added jira.permission.attach.denied = reporter, then other project roles cannot make attachments either, although they are in the permissions scheme.
oops! :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Weird, didn't work for me either.
Maybe you try it the other way around - rather than adding all the objects denied, add the ones who are allowed to add attachments in the specific workflow status.
If you have reporter, projectrole 10001 and projectrole 10002 referenced for create attachment permission in the permission scheme and only projectrole 10001 should be allowed to create attachment in a status, add the following property:
jira.permission.attach.projectrole = 10001
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Try
jira.permission.attach = reporter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What exactly isn't working?
Are you testing with a user who is the reporter of a ticket and does not have any other project roles allowing him to create attachments via the permission scheme and this user cannot create attachments in a specific state even though you added this last workflow property?
What about jira.permission.attach.reporter = granted?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Nadine Schütt 
I deleted almost all permissions in permissions scheme on the attachments . First added in the status of jira.permission.attach = reporter - does not work. Then added jira.permission.attach.reporter = granted - also does not work.
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Alexander
I have tested jira.permission.attach.reporter = granted myself and it did work. Is the reporter still set for create attachments in the permission scheme?
Is you scenario that you have people working on tasks who are in the group developers and than you have another group of people who can simple log tickets as reporters and as such have limited permissions?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
1. "Is the reporter still set for create attachments in the permission scheme?" - No, the reporter disabled in create attachments permission scheme
2.No, every reporter is in the group of project developers.
Immediately answer in advance:
3.Yes, I made a jira.permission.attach.group for a group of developers.
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Alexander
I honestly don't think that what you want to do can be achieved in Jira.
First of all, before you add or restrict a permission on a workflow status, you must add this permission to the permission scheme. Hence, if you want to work with jira.permission.attach.reporter = granted you need to provide create attachment permissions to the reporter.
Moreover, I think it's sufficient for a user to fulfil one of the permission conditions on a workflow status to be granted that permission. So, considering both the reporter and the developers group are allowed to create attachments via the permission scheme and you add jira.permission.attach.group = developers to a workflow status, the reporter could still create attachments if he is in the developers group.
What is the actual use case of your requirement? You have a group of developers working on somethings and they can create attachments in certain workflow status unless they have reported a specific issue?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Nadine Schütt 
We got it:
It is necessary to allow everyone to make attachments. And in the required statuses, in addition to jira.permission.attach.denied = reporter, addes the allowing rule jira.permission.attach.projectrole = (id role).
In this way, we can make a hard constraint on the reporter, but not limit developers.
Thanks for your help!
Best Regards,
Alexander
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.