How to find group usage in permission schemes for Jira cloud via REST api and Python
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
At the moment it's currently not possible to check if a group is being used in a permission scheme in Jira cloud site. Refer known limitation below
Environment
Jira cloud
Solution
Jira admins can make use of following REST apis which are publicly documented here : https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/
Jira cloud REST api used
Get all permissions schemes: https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permission-schemes/#api-rest-api-3-permissionscheme-get
Get permission scheme grant : https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permission-schemes/#api-rest-api-3-permissionscheme-schemeid-permission-get
Note
The below script is beyond the scope of Atlassian support. We do not officially support providing scripts or maintaining them as per our support offerings. Any request to assist with running or debugging this script is beyond Atlassian support scope.This is provided as a workaround for the original feature request. For any updates on the ticket please follow here : - JRACLOUD-71967Getting issue details... STATUS
Use the following Python code snippet. Save this file with .py extension.
- Replace the group_name with the one you are interested to search for in permission schemes.
- Replace jira_url with your site name. For e.g https://xyz.atlassian.net
- Replace email with your email id, make sure you have relevant permission to run these apis. Required permissions can be checked on the pages referenced above.
- Replace <api_token> with your api token. You can check how to generate api token here : Generate API token
import requests
group_name = "m-users"
jira_url = "https://<sitename>.atlassian.net"
auth = ("email", "<api_token>")
# Get all permission schemes
permission_schemes_url = jira_url + "/rest/api/3/permissionscheme?expand=group"
response = requests.get(permission_schemes_url, auth=auth)
permission_schemes = response.json()
# Iterate over all permission schemes
for permission_scheme in permission_schemes["permissionSchemes"]:
# Get all permissions for a permission scheme
permission_url = jira_url + "/rest/api/3/permissionscheme/{}/permission?expand=group".format(permission_scheme["id"])
response = requests.get(permission_url, auth=auth)
permissions = response.json()
#print(permissions)
# Check if the specific group is used in the permission scheme
for permission in permissions["permissions"]:
#try:
if "group" in permission ["holder"]:
if permission["holder"]["parameter"] == group_name:
print("Permission scheme '{}' uses group '{}'".format(permission_scheme["name"], group_name))
break
#except KeyError:
# print("key error in permission")
Sample output below. The above python script prints all the permission schemes where a particular group is being used.
% python3 group.py
Permission scheme 'Copy of NEWPROJ:permission scheme' uses group 'm-users'
Permission scheme 'Default Permission Scheme' uses group 'm-users'