How to restrict issue cloning in Jira
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
So far as Jira Core 8.19, there is no clone permission in Jira.
We've seen many instances making use of workflow-based permissions such as
jira.permission.createclone.denied but this has been working on a coincidence.
The how-to article title's misleading on purpose to draw attention to what's explained here.
All Jira Core versions 7.x and 8.x.
Jira doesn't have a Clone permission, only a Create permission.
The way Jira implements permission checking, the property
jira.permission.createclone is interpreted as the
jira.permission.create property — it ignores the rest of the word.
Making use of this property in the first status of the workflow causes:
- Clone operations to be forbidden in the UI — as expected.
- Clone operations to be forbidden through REST API — as expected.
- Create operations to be forbidden through REST API — unexpected!
- Usage of
/createmeta/endpoint returns with empty fields — unexpected!
Yet create operations still work through the UI — and this is the actual issue!
Create operations through the UI don't check the workflow create permission (just the Project's create permission), and this has lead to a major misunderstanding that
jira.permission.createclone actually works. Well, it does, but it's a coincidence (if you don't create issues through REST API).
There is no way to restrict the cloning of issues in Jira in a reliable way.
Jira doesn't have a Clone permission — only a Create permission.