You are here: Administration > Issues > Issue Security Rules

Issue Security Rules

The normal security rules for issues apply to viewing, adding, editing and deleting issues within the system. If a user has the ability to "edit" a particular issue, then they can navigate to the issue add/edit form and modify the base issue information, including the "name," "description," "steps to reproduce" and the "assignee" of the issue.

There are additional security implications in regards to processing issues within the system that extend beyond the basic permissions previously described, and are implemented primarily from the issue display form.

The following terms are used to describe the various roles in regards to issue management:

  1. Issue Manager Role is a global user setting which indicates that a particular user is a system wide issue manager and has special issue management privileges which are described below. Additionally, if the issue is associated to a specific project, then a user with "Project Manager" or "Project Scheduler" role on that particular project assumes the Issue Manager Role for that particular issue.
  2. Issue Creator is the user which created the issue within the system.
  3. Last Issue Assignor is the last user assignor of the issue.
  4. Current Issue Assignee is the user the issue is currently assigned to.

The additional security rules are applied as follows according to the particular section of the display form as follows:

Issue Management

  1. If the user is the Issue Creator, Last Issue Assignor or is the Current Issue Assignee AND the user has "read" rights to the issue, then the user can modify the "Issue Management" section from the issue display form.
  2. If the user has the Issue Manager Role AND the user has "edit" rights to the issue, then the user can modify the "Issue Management" section from the issue display form.

Resolution History

  1. If the user is the Issue Creator, Last Issue Assignor or is the Current Issue Assignee AND the user has "read" rights to the issue, then the user can add a new resolution to the "Resolution History" section of the issue, and the user can edit or delete a resolution which was created by themselves.
  2. If the user has the Issue Manager Role AND the user has "edit" rights to the issue, then the user can add, edit and delete any resolution from the "Resolution History" section of the issue, regardless of who created the resolution.

Comment History

  1. If the user has "read" permissions to the issue, then they can add a new comment to the "Comment History" section of the issue, and the user can edit or delete a comment which was created by them.
  2. If the user has the Issue Manager Role AND the user has "edit" rights to the issue, then the user can add, edit and delete any comment from the "Comment History" section of the issue, regardless of who created the comment.