Hi @Nadine Schütt 
Hmm, how right disable permissions develepoers on attachements in statused?
But how disable permission attachments reporter in status??
We need the reporter to not invest in a certain status.

Hello @Alexander 

So, did you try

1. adding the reporter to the permission scheme for creating attachments and then
2. adding jira.permission.attachdeleteown.reporter=denied to the status where it needs to be restricted?

no no no, i tried disabled attachments for reporter, developers in permission scheme.
After this add jira.permission.attach.projectrole = 10001 (this is the project's role for developers) in certain status.
But reporter not can do attachements.

I have to admit I'm getting slightly confused so could you please verify your exact requirements again.

I understood that 

1. the reporter is part of the developers group 
2. the reporter is supposed to generally have the permission to create attachments but 
3. not have the permission to create attachments in certain workflow status only?

Is this correct?

Yes!

But better this way:
It is assumed that the reporter usually does not have the right to make attachments, but
have the permission to create attachments in certain workflow status only

Thanks!

Ok, but unfortunately the way you want it to be handled it not supported by Jira. 

You cannot provide permissions by setting up workflow properties per status but instead, you must add permissions in the permission scheme first and then add workflow properties to restrict them again. 

Hence, please try what I have written before and let me know how its works: 

1. Add the reporter to the permission scheme for creating attachments and then
2. add jira.permission.attachdeleteown.reporter=denied to the status where it needs to be restricted

But this is a disabled on the removal attachments.

We need jira.permission.attachcreate.reporter=denied
but this is not works :(

Thanks.

There is a working method to disable the ability to make attachments?

I see, sorry, got it wrong.

Should be 

jira.permission.attach.reporter=denied

jira.permission.attach.reporter=denied - it's not worked. The reporter can still do attachments.

Sorry if this is a stupid question but have you also added the reporter to your permission scheme for Create Attachments? It's not sufficient if the reporter user gets this permissions by being member of the developers group. 

Hi @Nadine Schütt 
Yes, I added the reporter to my permission scheme for Create Attachments.
Yes, my reporter is in developers project role.
No, i didn't add developers in my permission scheme for Create Attachments.

I add this key jira.permission.attach.reporter=denied but reporter can add attachments.

Thanks!

Hello @Alexander 

I have re-read the instructions and apparently, the syntax has changed. Hence, I have tested it myself with the following expression: 

jira.permission.attach.denied = reporter

It did work as expected so maybe you want to give that a go?

By the way, sorry for the confusion, I am normally using it the other way around: explicitly adding all the project roles and groups which are allowed to do something rather than just adding the one that is restricted. 

It's work!
Thanks for you help! :)

Best Regards,

Alexander

If I need to disable attachments for a project role, I need to set:
Jira.permission.attach.denied = (role id of the project) ??

It should be 

jira.permission.attach.denied.projectrole = <id of projectrole>

If it's more than one projectrole, it should be

jira.permission.attach.denied.projectrole.1 = <id of projectrole>

jira.permission.attach.denied.projectrole.2 = <id of projectrole>

I have one problem.
If we added jira.permission.attach.denied = reporter, then other project roles cannot make attachments either, although they are in the permissions scheme.


oops! :)

maybe need to do reindex project

Weird, didn't work for me either.

Maybe you try it the other way around - rather than adding all the objects denied, add the ones who are allowed to add attachments in the specific workflow status. 

If you have reporter, projectrole 10001 and projectrole 10002 referenced for create attachment permission in the permission scheme and only projectrole 10001 should be allowed to create attachment in a status, add the following property:

jira.permission.attach.projectrole = 10001

How to allow a reporter? :)

jira.permission.attach.user = reporter or jira.permission.attach.reporter = true? 

Thanks!

Try

jira.permission.attach = reporter

not working :(

What exactly isn't working? 

Are you testing with a user who is the reporter of a ticket and does not have any other project roles allowing him to create attachments via the permission scheme and this user cannot create attachments in a specific state even though you added this last workflow property? 

What about jira.permission.attach.reporter = granted?

Hi @Nadine Schütt 
I deleted almost all permissions in permissions scheme on the attachments . First added in the status of jira.permission.attach = reporter - does not work. Then added jira.permission.attach.reporter = granted - also does not work.

Thanks!

Hello @Alexander 

I have tested jira.permission.attach.reporter = granted myself and it did work. Is the reporter still set for create attachments in the permission scheme?

Is you scenario that you have people working on tasks who are in the group developers and than you have another group of people who can simple log tickets as reporters and as such have limited permissions?

1. "Is the reporter still set for create attachments in the permission scheme?" - No, the reporter disabled in create attachments permission scheme
2.No, every reporter is in the group of project developers.
Immediately answer in advance:
3.Yes, I made a jira.permission.attach.group for a group of developers.


Thanks!

Hello @Alexander 

I honestly don't think that what you want to do can be achieved in Jira. 

First of all, before you add or restrict a permission on a workflow status, you must add this permission to the permission scheme. Hence, if you want to work with jira.permission.attach.reporter = granted you need to provide create attachment permissions to the reporter. 

Moreover, I think it's sufficient for a user to fulfil one of the permission conditions on a workflow status to be granted that permission. So, considering both the reporter and the developers group are allowed to create attachments via the permission scheme and you add jira.permission.attach.group = developers to a workflow status, the reporter could still create attachments if he is in the developers group. 

What is the actual use case of your requirement? You have a group of developers working on somethings and they can create attachments in certain workflow status unless they have reported a specific issue?  

Hi @Nadine Schütt 
We got it:
It is necessary to allow everyone to make attachments. And in the required statuses, in addition to jira.permission.attach.denied = reporter, addes the allowing rule jira.permission.attach.projectrole = (id role).
In this way, we can make a hard constraint on the reporter, but not limit developers.

Thanks for your help!

Best Regards,

Alexander