Using a Workflow to control edit of issue fields

Added by ES, last edited by Anton Mazkovoi on Nov 01, 2007  (view change)

Introduction

Please note that the following instructions do not provide a complete solution to Field Level Permissions, but allow to control who can edit particular fields. This is achieved with the help of Transition Conditions in a Workflow.

These instructions do not provide a solution for restricting who can see the values of fields. Users who have permissions to view an issue, will be able to see the values of these fields for that issue, search by them, receive notifications when these fields change, etc.

Before you read these instructions, it is important to have a good grasp of how Workflows fit into JIRA. A good source of information on Workflows can be found in JIRA's documentation: http://www.atlassian.com/software/jira/docs/latest/workflow.html

You should also familiarise yourself with how Screens work in JIRA: http://www.atlassian.com/software/jira/docs/latest/fieldconfig_screen_overview.html

Instructions

Please note that the ability to edit some System Fields is already protected by a permission:

System Field Permission
Fix Version Resolve Issue
Assignee Assign Issue
Due Date Schedule Issue
Reporter Modify Reporter
Security Level Set Issue Security

The easiest thing to do for the above fields is to use Permission Schemes to control who can manipulate them. For more information on permissions please see: http://www.atlassian.com/software/jira/docs/latest/permissions.html

However, if the field you are trying to protect is not already protected by a permission, e.g. a custom field, you can use a workflow transition. This transition will allow certain users to only edit certain items of an issue without transitioning to another step of the workflow.

Please follow these instructions:

  1. Create 2 Screens.
  2. Using Screen Schemes make sure one of the Screens is mapped to the View Issue and Edit Issue operation. This screen should contain all fields, including the protected fields. Otherwise, no one will be able to see values of fields on the View Issue page.
  3. Create another Screen and map it to the Create Issue operation in the Screen Scheme. This screen should not contain the protected fields.
  4. Create a workflow transition that goes to the same step as it's original step. Ensure the transition uses the same screen as the Create Issue operation.
  5. Create a new group or project role for users who should not be able to edit protected fields.
  6. Protect the transition using the "User Is In Group" or "User Is In Project Role" conditions.
  7. Place users who should not be able to manipulate protected fields into the new group or project role.
  8. Edit the Permission Scheme of the project in question and ensure these users do not have the Edit Issue permission. Grant other permission that you deem needed to this group or project role.
  9. Ensure that a transition such as this exists for all statuses (steps) in the workflow where the protected fields need to be manipulated. All of these transitions can use the same Screen.
  10. Users who are members of the group or project role will be able to execute the transition to edit fields. Other users, who should be able to edit protected fields should use the normal Edit Issue operation.

Please note that the above setup will not allow the protected fields to be populated when issues are created or edited.

Labels

workflow workflow Delete
condition condition Delete
plugin plugin Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Comments (1)

 

  1. Apr 29, 2008

    Stafford Vaughan [CustomWare] says:

    An alternative to these instructions might be the inverse situation. Instead of ...

    An alternative to these instructions might be the inverse situation. Instead of using a transition screen to allow all users to edit certain fields, we can also enable the "Edit" function for all users but omit the protected fields from the Edit screen and put them on a transition screen instead. To achieve Field Level Security in the opposite way to the above instructions, follow these instructions:

    1. Create 2 screens:
      • "All Fields Screen" - contains all fields, including the protected fields.
      • "Create/Edit Screen" - contains all fields except the protected fields.
    2. Using Screen Schemes make sure the "All Fields Screen" is mapped to the View operation and the "Create/Edit" screen is mapped to the Create and Edit operations.
    3. For every step in the workflow where the protected fields should be editable, create a workflow transition called "Edit Protected Fields" that goes to the same step as it's original step. Ensure the transition uses the "All Fields Screen".
    4. Ensure that a transition such as this exists for all statuses (steps) in the workflow where the protected fields need to be manipulated. All of these transitions can use the same Screen.
    5. Create a new group or project role for users who should be able to edit protected fields.
    6. Place users who should be able to manipulate protected fields into the new group or project role.
    7. Set a transition condition ("User Is In Group" or "User Is In Project Role") on the "Edit Protected Fields" workflow transition to allow only authorised users to execute the transition.
    8. Edit the Permission Scheme of the project in question and ensure that all users have the Edit Issue permission.

    Users who are members of the authorised group or project role will be able to execute the transition to edit all fields including the protected fields. Other users, who should not be able to edit protected fields should use the normal Edit Issue operation which will not include the protected fields.

    Please note that the above setup will still not allow the protected fields to be populated when Issues are created.

    -Stafford
    http://confluence.atlassian.com/x/XrAC