Implementing Conditional Permission Setting during Workflow Transitions

Use this tutorial for guidance on updating access permissions for viewing/editing fields across various statuses within the workflow.

Example.

In the 'Backlog' status, both Peter and Rickard can view and edit. However, in the 'In Progress' status, only Rickard can edit, while both Peter and Rickard can view the information.

We will secure the field Salary, which will be an Encrypted Text Field.

To do this, we will create two more protected fields, PF Viewers and PF Editors, both of type Encrypted User Picker, to control who can view/edit the field.

Now that we have the three fields, edit the Salary field and, in the User Picker permission, set the View permission to PF Viewers and the Edit permission to PF Editors.

The above shows the config for the Salary field.

Now configure the PF Viewers and PF Editors fields to only include Automation for Jira as user.

Shows an example of how the PF Viewers field is configured to have Automation for Jira as user.

For debugging or clarity, you may want to add a group, or the reporter, creator and assignee, to the View Permission of the PF Editors and PF Viewers fields to see who can view/edit.

Add API

  1. Navigate to Manage Apps

  2. Click on Protected Fields

  3. Click on API tab

  4. Create an API token

Logic in automation

Now we want to create an automation that adds Peter to the PF Viewers and PF Editors fields on Create.

  1. Create a new Automation rule

  2. Add When: Issue Created

  3. Add Send web request, copy the URL from the API step above, include ?toke=token&issueKey={{issue.key}} in the URL.

  4. Add the Body, as below but change the field ids to your custom fields.

    [ { "fieldId":"customfield_10203", "value": ["{{reporter}}"] }, { "fieldId":"customfield_10204", "value": ["{{reporter}}", "{{assignee}}"] } ]

Testing this will result in an issue with a secured Salary field that, in the first status, lets Peter edit the field.

Now create a second automation that removes Peter from the PF Editors field. Since only the automation user can do this, the change is secured to the automation engine.

  1. Create a new Automation rule

  2. Add When: Issue Transitioned, and enter the statuses: from Backlog to In Progress

  3. Add Send web request, copy the URL from the API step above, include ?toke=token&issueKey={{issue.key}} in the URL.

  4. Add the Body, as below but change the field ids to your custom fields.

    [ { "fieldId":"customfield_10204", "value": ["{{assignee}}"] } ]

This will result in removing Peter from the PF Editors field and only keep Rickard.

Now when Peter tries to edit the field, he will not be able to.
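The two request bodies above can be generated and checked before they are pasted into the automation rules. The following is an added example, not code from the app or its vendor: it builds each body from one per-rule table, validates the shape shown in this tutorial, and reports who loses access to a field between two rules. The rule names and helper functions are hypothetical, and treating customfield_10203 as PF Viewers is an assumption.

```python
import json
import re

# Field ids copied from the tutorial's sample bodies; replace with your own.
PF_VIEWERS = "customfield_10203"  # assumed to be PF Viewers (the page does not say)
PF_EDITORS = "customfield_10204"  # PF Editors, per the transition rule

# One entry per automation rule (hypothetical names): field id -> smart values set.
RULES = {
    "on_create": {PF_VIEWERS: ["{{reporter}}"],
                  PF_EDITORS: ["{{reporter}}", "{{assignee}}"]},
    "backlog_to_in_progress": {PF_EDITORS: ["{{assignee}}"]},
}

FIELD_ID = re.compile(r"customfield_\d+")


def build_body(rule_name):
    """Return the JSON body for one rule, in the shape the tutorial shows."""
    fields = RULES[rule_name]
    return json.dumps([{"fieldId": f, "value": v} for f, v in fields.items()])


def validate_body(body):
    """Return a list of problems found in a request body (empty list = OK)."""
    try:
        entries = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict) or set(entry) != {"fieldId", "value"}:
            problems.append(f"entry {i}: expected exactly fieldId and value")
            continue
        if not FIELD_ID.fullmatch(str(entry["fieldId"])):
            problems.append(f"entry {i}: fieldId is not a custom field id")
        value = entry["value"]
        if not isinstance(value, list) or not all(isinstance(u, str) for u in value):
            problems.append(f"entry {i}: value must be a list of strings")
    return problems


def revoked(before, after, field_id):
    """Smart values on field_id after rule `before` that rule `after` removes."""
    if field_id not in RULES[after]:
        return set()  # the later rule does not touch this field
    return set(RULES[before].get(field_id, [])) - set(RULES[after][field_id])
```

Running revoked("on_create", "backlog_to_in_progress", PF_EDITORS) confirms that the transition rule removes only the reporter (Peter) from PF Editors and leaves PF Viewers untouched.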