(note : this works on JIRA Server / Datacenter at the time of the writing of this, Feb 2017)
Sometimes, you want to set some permissions directly depending on the JIRA Issue Workflow status (i.e. not depending on the whole Permissions scheme applied at the whole project level).
This hard to find trick consist in using Workflow properties on the WF steps.
Use-case : lock the "edit" button on 1 WF step, to 3 user groups
ref :
- https://confluence.atlassian.com/adminjiraserver072/workflow-properties-828788054.html
- https://jirasupport.wordpress.com/2016/02/23/workflow-properties/
so
that only JIRA administrators can edit an issuejira.permission.edit.group=jira-administrators |
jira.permission.edit.group. 1 =jira-administrators jira.permission.edit.group. 2 =jira-fr jira.permission.edit.group. 3 =jira-pmo |
This of course needs to be applied for each step/status of the workflow impacted, making sure that this WF is not shared with other projects or other IT.
JIRA : Status Permissions
Please note that the expected format is not <property> = denied This format actually grants access to the user named denied.
The proper format is is:
<property>.denied = whatever
The complete format is:
<permission key> = jira.permission[.subtasks].<system project permission>.<grant type>[.<suffix>] <system project permission> = assign | assignable | attach | attachdeleteall | attachdeleteown | browse | close | comment | commentdeleteall | commentdeleteown | commenteditall | commenteditown | create | delete | edit | link | managewatcherlist | modifyreporter | move | project | resolve | scheduleissue | setsecurity | transition | viewversioncontrol | viewvotersandwatchers | viewworkflowreadonly | work | worklogdeleteall | worklogdeleteown | worklogeditall | worklogeditown <grant type> = denied | groupCF | assignee | assigneeassignable | reporter | reportercreate | userCF | applicationRole | group | lead | projectrole | user <suffix> = any text that makes the permission key unique among all keys of permissions in the same workflow step. |