Restricting Issue Types
Jira issue type schemes are not very flexible, as you cannot limit the available issue types in a project. Typically, if someone has permission to create an issue in a project, they can create every issue type in the project's issue type scheme.
You can use Behaviours to restrict which issue types are available to different categories of users. On this page, we provide you with the following examples of restricting issue types:
- Restricting available issue types based on user role
- Restricting issue type to a single issue based on user role
Restricting available issue types based on user role
You can use the following example to restrict the issue types available to a user based on their role in the project. In this example, we restrict those in the Users role to only see Query and General Request issue types when they create new issues in a specific project. We also restrict those in the Developers role to only see Bugs, Tasks, and New Features.
Those who aren't assigned to the Users or Developers role will not be able to create an issue in the chosen project as they will not be able to see any issue types. However, you can update the script in this example to work as you need.
When creating your own script you can use setFieldOptions on the issue type field and restrict the available issue types accordingly.
Step-by-step instructions
- From ScriptRunner, navigate to Behaviours.
- Select Create Behaviour.
- Enter a name for the behaviour. In this example we enter
Restricting Available Issue Types. - Optional: Enter a description for the behaviour.
- Select Create Mapping.
- Select the project and issue type(s) to map this behaviour to.
- Select Add Mapping to confirm the mapping.
- Select Create to create the behaviour.
You're taken to the Edit Behaviour screen where you can configure the behaviour further. Scroll to the Initialiser field and select Create Script.
Copy the following code into the inline script editor:
import com.atlassian.jira.component.ComponentAccessor import com.atlassian.jira.security.roles.ProjectRoleManager import static com.atlassian.jira.issue.IssueFieldConstants.ISSUE_TYPE def projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager) def user = ComponentAccessor.jiraAuthenticationContext.getLoggedInUser() def issueTypeField = getFieldById(ISSUE_TYPE) def userRoles = projectRoleManager.getProjectRoles(user, issueContext.projectObject)*.name def availableIssueTypes = [] if ("Users" in userRoles) { availableIssueTypes.addAll(["Query", "General Request"]) } if ("Developers" in userRoles) { availableIssueTypes.addAll(["Bug", "Task", "New Feature"]) } issueTypeField.setFieldOptions(availableIssueTypes)You can easily customize this script with your own project roles and issues types.
- Select Save Changes.
Test this behaviour
The following four outcomes are possible when testing this behaviour:
- Those in the Users role see Query and General Request
- Those that don't belong to either Users or Developers roles will not see any issue types
- Those in the Developers role see Bug, Task and New Feature
- Those in both the Users and Developers roles see Query, General Request, Bug, Task and New Feature
Restricting issue type to a single issue based on user role
In a different scenario to the above, where there is only one issue type allowed, we can set that issue type and lock the field.
You can use the following example to make sure members of the Users role can only set the issue type to Task and lock the field.
Step-by-step instructions
- From ScriptRunner, navigate to Behaviours.
- Select Create Behaviour.
- Enter a name for the behaviour. In this example we enter
Restrict issue type to a single issue based on user role. - Optional: Enter a description for the behaviour.
- Select Create Mapping.
- Select the project and issue type(s) to map this behaviour to.
- Select Add Mapping to confirm the mapping.
- Select Create to create the behaviour.
You're taken to the Edit Behaviour screen where you can configure the behaviour further. Scroll to the Initialiser field and select Create Script.
Copy the following code into the inline script editor:
import com.atlassian.jira.component.ComponentAccessor import com.atlassian.jira.security.roles.ProjectRoleManager import static com.atlassian.jira.issue.IssueFieldConstants.ISSUE_TYPE // if the current user is in the Users role only, set the issue type to "Query", and lock it def projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager) def user = ComponentAccessor.jiraAuthenticationContext.getLoggedInUser() def usersRoles = projectRoleManager.getProjectRoles(user, issueContext.projectObject)*.name if (usersRoles == ['Users']) { getFieldById(ISSUE_TYPE) .setFormValue('Task') .setReadOnly(true) }You can easily customize this script with your own project roles and issues types.
- Select Save Changes.
Test this behaviour
The following four outcomes are possible when testing this behaviour:
- Those not in the Users role will see all available issue types
- Those in the Users role will be restricted to the Task issue type only.
If enforcing specific issue types is critical, we recommend you implement a workflow validator (such as a simple scripted validator) on the Create transition. This adds an extra layer of security beyond Behaviours, which only affect the browser interface and not the REST API.