Yes I am doing through permission scheme. I specified which two groups can create a new issues. But all other Groups can do their function as well like tranisitioning to other steps. When other Groups log on, they see the Create butoon on Dashboard and they can create the issue but when they submit they get an error message that they don't have permission but a record is created and put in the database

That does not make any sense to me. If you have got the permissions set correctly, then your users will not be able to start issue creation. It sounds like you've set it up so everyone can still create issues, and then you're blocking creation some other way.

As for performing other transitions - check the workflow for "condtions".

Could you post the line in the permission scheme that says "create issue" - show us what you have on the right - the list of groups and roles that have create permission.

Here is my permission scheme to Create Issues:

Here is my permission to Assign Issues:

Here is my workflow:

Open (1)	Open	Submit (281) >> Submit	View Properties
Submit (2)	R2V Accepted	Accept (21) >> R2V_ES Reject (71) >> Open	View Properties
R2V_ES (3)	R2V ES	RE (81) >> R2V_RE ME (91) >> R2V_ME QE (101) >> R2V_QE PM (111) >> R2V_PM Reject (121) >> Open	View Properties
R2V_RE (4)	R2V RE	ME (131) >> R2V_ME QE (141) >> R2V_QE PM (151) >> R2V_PM Reject (161) >> Open	View Properties
R2V_ME (5)	R2V ME	QE (171) >> R2V_QE PM (181) >> R2V_PM Reject (191) >> Open	View Properties
R2V_QE (6)	R2V QE	PM (201) >> R2V_PM Reject (211) >> Open	View Properties
R2V_PM (7)	R2V PM	Accept (221) >> R2V_SL Reject (231) >> Open	View Properties
R2V_SL (8)	R2V Resolved	Reject (251) >> Open Accept (271) >> R2V_CM	View Properties
R2V_CM (9)	R2V CM	Closed (261) >> R2V_Closed	View Properties
R2V_Closed (10)	R2V Closed		View Properties

The accoount I am using to create a new issue is R2V Test Engineer.

The problem I see is my workflow does not start with Creating an Issue so it does not check any restrictions I think when issue is created. What do you think about it? Does it make sense? How I can restrict the creation of new issue through the workflow? When Create button is clicked it did bring the Create Issue Screen to the user who completes the form. Then when Submit tranisition take place it checks the permission and refuse it but the record is already created prior to that.

Ok, that's good. There's three separate things here.

First, on with the debugging for create. You've limited create issue to four sets of people. Two are simple groups, the other two are roles. Pick a single user who should NOT be able to create an issue and look at how that user is used. Check that they are NOT in either group, then check that they are not nominated in either of the roles mentioned, and then check if they are in any groups that are in any roles.

Second, you need to look at each transition in your workflow. Look at the "conditions". These will explain why users can perform transitions (if there are no conditions on a transition, then anyone can do it)

Third, let's step back from your guesses about creation and workflows. The create transition IS part of the workflow. You can find it by clicking the "open" step on your workflow and looking for a transition into it - you will find "create" there. However, the permission to create an issue is NOT done in the workflow, it happens before, in the permissions.

The fact you can get to a create screen, but not complete the creation tells me that your users DO have create permission in the project, but then something else is blocking it later. Probably a validator or a fault in a post-function. You can check those if you open the transition link I mentioned above.

I want to thank you for your help but it is still the same. I took your advice and created a brand new user just to try out and as you mentioned that user does not belong to R2V Assigned Engineer and R2V CM. Also she does not belong to either of those roles.

I looked at the "Open" step and looked at the "Create" transition. First of all it does not "Conditions", it has only "Validators" and "Post Functions". I added a validator restrict users with only create permission can execute this step but it did not do anything.

I guess my permission scheme somehow is not working? What could go wrong in there? How the permission scheme takes effect on a project?

Create new issue works perfectly but only thing it does not restrict people I want to restrict on. The part does not work on my "Submit" tranisition, I restrict people with only Create permission condition and which take effect when he/she submit and goes for that transition it gives an error message.

Why there is no "Condition" exists on "Create" transition that is hidden?

>Also she does not belong to either of those roles.

Ok, you checked groups and roles, but you have not said if you have checked the GROUPS in the ROLES. To clarify all of this, could you go into the project and look at the users section. Tell us what all three columns say in there (obviously, obscure names of individuals if you've got security worries). I'd also like to see the full list of groups your user belongs to.

>I looked at the "Open" step and looked at the "Create" transition. First of all it does not "Conditions", it has only "Validators" and "Post Functions".

Yes, that's what I was pointing you to - the whole point is that Create does NOT have conditions. The right to create issues is controlled by the create-issue-permission.

ALL the other transitions allow conditions, and that seems to be what you are missing - you need conditions like "user must be in role X" to prevent these other transitions from being done

>I added a validator restrict users with only create permission can execute this step but it did not do anything.

This is actually what could be causing the problems you are seeing after a user starts creating the issue. Your permission scheme is broken for some reason, so they can get in, but then this validator would block them when they submit.

If we can get your permissions right, then you won't need to worry about the second part at all, Jira will work as designed.

Uncategorized Projects
Launcher Development Program																	(jira-users)
Software Release to Vault (R2V)					(jira-users)		(jira-users)	(jira-users)	(jira-users)	(jira-users)	(jira-users)	(jira-users)	(jira-users)		(R2V-Test Engineer, jira-users)		(jira-users)

I did not get the part you are talking about Groups in the role. I have almost one to one correspondence between groups and roles. Is there a way I can call you? Are you in the USA?

I deleted the Project Roles from creating a new Issue and thats took care of my problem. So I have to find out more about project rolse works and use that.

Thank you very much for your help.

I think you found it then - the problem seems to be that although your permission scheme is fine for individual users, you had not accounted for putting groups into roles as well.

The idea there is that groups are global. As a user, I belong to groups A, B and C. You can use groups directly in a permission scheme (so, if you say "group A can create", then I get create rights). You can then put users into a project, if the permission scheme says so. Let's say scheme says "people in the role of "Penguin" can create issues". I would get create rights as soon as you added me to the role of "Penguin". The missing part, if I have read correctly, is that you put "group C" into the role of "Penguin" as well. As I'm in group C, I get the role of Penguin, and can hence create issues...