Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Scriting options for Project level access removal

khushboo_puri
khushboo_puri
Contributor
February 6, 2025

Can we use scripting (postman or scriptrunner)to remove users from Project roles(leaving only groups)

Answer
Watch
Like Be the first to like this
139 views

1 answer

1 vote
Jeroen Poismans
Jeroen Poismans
Community Champion
February 6, 2025

Hi,

I have made a script that removes a group from a project role on all projects in an instance:

import com.atlassian.crowd.embedded.api.Group
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.project.Project
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.security.roles.ProjectRoleActor
import com.atlassian.jira.security.roles.ProjectRoleActors
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.security.roles.RoleActor
import com.onresolve.scriptrunner.parameters.annotation.ProjectPicker
import com.onresolve.scriptrunner.parameters.annotation.ProjectRolePicker
import com.onresolve.scriptrunner.parameters.annotation.GroupPicker
import com.onresolve.scriptrunner.parameters.annotation.*
import org.apache.log4j.Level
import org.apache.log4j.Logger

import static com.atlassian.jira.security.roles.ProjectRoleActor.GROUP_ROLE_ACTOR_TYPE
import static java.util.Collections.singletonList

def log = Logger.getLogger("be.script")
log.setLevel(Level.INFO)

@GroupPicker(label = 'Group', description = 'Pick a group to remove from role', placeholder = 'Pick a group')
Group INPUT_group

@ShortTextInput(label = "Project role", description = "")
String INPUT_projectRole

ProjectManager projectManager = ComponentAccessor.getProjectManager()
ProjectRoleService projectRoleService = ComponentAccessor.getOSGiComponentInstanceOfType(ProjectRoleService.class)
ProjectRoleManager projectRoleManager = ComponentAccessor.getOSGiComponentInstanceOfType(ProjectRoleManager.class)

int count = 0
ProjectRole projectRole = projectRoleManager.getProjectRole(INPUT_projectRole)
List<Project> allProjects = projectManager.getProjects()

for (Project currentProject: allProjects) {
   ProjectRoleActors projectRoleActors = projectRoleService.getProjectRoleActors(projectRole, currentProject, null)

   Optional<RoleActor> actorToRemove =  projectRoleActors.getRoleActors().stream()
         .filter {it -> it.parameter.equalsIgnoreCase(INPUT_group.getName())}
         .findFirst()

   if (actorToRemove.isPresent()) {
      count ++
      projectRoleService.removeActorsFromProjectRole(singletonList(INPUT_group.getName()), projectRole, currentProject, GROUP_ROLE_ACTOR_TYPE, null)
      log.info("$count => project $currentProject")
   }
}

return "Done!"

 

With some tinkering you might be able to transform it so it removes a user form a project role in all projects or to whatever need you might have.

In the top of the script you will see the following:

@GroupPicker(label = 'Group', description = 'Pick a group to remove from role', placeholder = 'Pick a group')
Group INPUT_group

@ShortTextInput(label = "Project role", description = "")
String INPUT_projectRole

In the script runner script console this shows a dropdown to pick a group and an input textbox to provide the project role. You can replace this with logic for a hardcoded user etc ...

Near the end you will see this line:

projectRoleService.removeActorsFromProjectRole(singletonList(INPUT_group.getName()), projectRole, currentProject, GROUP_ROLE_ACTOR_TYPE, null)

The param GROUP_ROLE_ACTOR_TYPE tells the service to remove groups provided in the other params. This params can also be USER_ROLE_ACTOR_TYPE, which will indicate to remove users provided. 

With this you should come to a solution.

Jeroen

 

View More Comments
khushboo_puri
khushboo_puri
Contributor
February 9, 2025

HI @Jeroen Poismans 

Can we remove only users from project roles and we don't want to remove groups from project roles?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.