JIRA server tips and tricks : WF properties on Status

(note : this works on JIRA Server / Datacenter at the time of the writing of this, Feb 2017)

 Sometimes, you want to set some permissions directly depending on the JIRA Issue Workflow status (i.e. not depending on the whole Permissions scheme applied at the whole project level).

This hard to find trick consist in using Workflow properties on the WF steps.

Use-case : lock the "edit" button on 1 WF step, to 3 user groups

ref :

• https://confluence.atlassian.com/adminjiraserver072/workflow-properties-828788054.html
• https://jirasupport.wordpress.com/2016/02/23/workflow-properties/

In order to allow the Edit right only to a specific user group, you need to add the following property to the workflow step impacted  so that only JIRA administrators can edit an issue

jira.permission.edit.group=jira-administrators

To add multiple groups, use the syntax :

jira.permission.edit.group.1=jira-administrators  jira.permission.edit.group.2=jira-fr jira.permission.edit.group.3=jira-pmo

 

This of course needs to be applied for each step/status of the workflow impacted, making sure that this WF is not shared with other projects or other IT.

JIRA : Status Permissions

from : https://jira.atlassian.com/browse/JRA-32230?focusedCommentId=958985&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-958985

Please note that the expected format is not <property> = denied This format actually grants access to the user named denied.
The proper format is is:
<property>.denied = whatever

The complete format is:

<permission key> = jira.permission[.subtasks].<system project permission>.<grant type>[.<suffix>]   <system project permission> =   assign                                 | assignable                                 | attach                                 | attachdeleteall                                 | attachdeleteown                                 | browse                                 | close                                 | comment                                 | commentdeleteall                                 | commentdeleteown                                 | commenteditall                                 | commenteditown                                 | create                                 | delete                                 | edit                                 | link                                 | managewatcherlist                                 | modifyreporter                                 | move                                 | project                                 | resolve                                 | scheduleissue                                 | setsecurity                                 | transition                                 | viewversioncontrol                                 | viewvotersandwatchers                                 | viewworkflowreadonly                                 | work                                 | worklogdeleteall                                 | worklogdeleteown                                 | worklogeditall                                 | worklogeditown                                          <grant type> =  denied                 | groupCF                 | assignee                 | assigneeassignable                 | reporter                 | reportercreate                 | userCF                 | applicationRole                 | group                  | lead                 | projectrole                  | user   <suffix> = any text that makes the permission key unique among all keys of permissions in the same workflow step.