Cannot enable or save Automation rule due to the error "Either you or the rule actor for this rule is missing some required permissions"
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After configuring an automation rule coming from the add-on Automation for Jira in a project (via the page Project Settings > Project Automation), it is impossible to enable (or save) it due to the following error:
Error
Either you or the rule actor for this rule is missing some required permissions:
"EDIT_ISSUES"
The example from this KB will be based in permission EDIT_ISSUES, however the same applies to other missed permission, in accordance with what action is set, as example: ASSIGN_ISSUES, TRANSITION_ISSUES, etc. For those different errors, please validate the corresponding permission.
Environment
- Jira 8.x Or Jira Service Management 4.x
- Automation for Jira add-on (any version)
Cause
Root Cause 1 (applies to both Jira Server and Data Center)
Either the user who is trying to enable the automation rule, or the actor of the rule is not granted the Edit Issues project permission across all the projects in the scope of the automation rule.
Please note that currently, the Automation for Jira error message will not explicitly specify a list of projects that lack the required permission for your user. We do have a feature request for adding such functionality in a product that tracks customer interest for this issue:
JRASERVER-72888 - Getting issue details... STATUS
Root Cause 2 (only applies to Jira Data Center)
One of the project in the scope of the automation rule was archived.
Diagnosis
Regardless of which root cause is relevant, the first thing to do is to identify the scope of the automation rule and the actor of the automation rule in the Rule Details section, as shown in the screenshot below:
Once you have identified the list of the project(s) from the rule scope, and the actor of the rule, you can move on to the Diagnosis section for the Root cause 1 and 2.
Diagnosis for Root Cause 1
Go to the page ⚙ > System > Permission Helper, and run the following test for both the actor of the rule, and also the user who is trying to enable the rule (both users can be different). Note that this test needs to be run for each project which is in the scope of the automation rule:
- User: actor (or user trying to enable the rule)
- Issue: choose one example of issue key within the project
- Permission: edit issues
If this test fails for at least one project, and for either the actor or the rule of the user trying to enable the rule, then this root cause is relevant.
Example of test failure:
Diagnosis for Root Cause 2
Go to ⚙ > Projects > Archive projects, and check if you can see any of the project defined in the scope of the automation rule listed here:
If you see any of the project from the rule scope listed here, then this root cause is relevant.
Finding automation rules which scope is including archived projects via the Jira Database:
If you need to identify the list of all the automation rules which are using an archived project in their scope, you can run the following SQL query below.
Note that the SQL query written above was tested on a PostgreSQL Database. You might need to modify it slightly, in case you are using a different type of Database.
SELECT
rule_project_assoc."RULE_CONFIG_ID",
rule_config."NAME",
p.id,
p.pname,
p.pkey
FROM
propertyentry pe
JOIN
project p ON pe.entity_id = p.id
JOIN
"AO_589059_RULE_CFG_PROJ_ASSOC" rule_project_assoc ON p.id = CAST(rule_project_assoc."PROJECT_ID" AS INT)
JOIN
"AO_589059_RULE_CONFIG" rule_config ON rule_project_assoc."RULE_CONFIG_ID" = rule_config."ID"
WHERE
property_key = 'jira.archiving.projects'
ORDER BY
rule_project_assoc."RULE_CONFIG_ID";Example of output. In the output below, we can see that the 1st rule has 2 archived projects in its scope, while the 2nd rule has 1 archived project:
36 "Some automation rule 1" 10800 "ABC" "Project ABC"
36 "Some automation rule 1" 10301 "DEF" "Project DEF"
61 "Some automation rule 2" 10800 "ABC" "Project ABC"Solution
Solution for Root Cause 1
Make sure that both the rule actor and the user trying to enable the rule are granted the Edit Issues permission within each project listed in the scope of the automation rule. In case your Automation rule has more than one project in scope, you could verify EDIT_ISSUES permission against a list of the projects using recommendations from Automated verification of user permissions using CLI tools and REST API KB article.
Important note for Jira Service Management projects: for this type of project, a user can only edit issues if this user is acting as an "agent" of the Service Management project, meaning that this user needs to verify the 2 following conditions (in addition to being granted the Edit Issues permission):
- this user needs to be granted Jira Service Management application access (via a Service Management license)
- this user needs to be granted the Service Desk Agent permission in the project permission scheme
Solution for Root Cause 2
Remove the archived project from the rule's scope.
There is an existing enhancement request aimed at enhancing the error descriptions for this particular scenario: JIRAAUTOSERVER-832: Automation rule should provide correct error message when rule scope has an archived project.