How to limit access based on user project and issue permissions


My app collects some info about issues. There is a page that shows summarized info about different issues from different projects.

I’d like to restrict summary based on user’s permissions. If user cannot read an issue, the issue shouldn’t be added to summary that he gets.

What strategy would you suggest that cloud app should use?

I collect data periodically, because the information that I show is similar for different users and is rarely changed. So when user opens the page, I show him info that I have already. Shown info differs from user to user due to permissions only.


I would probably use the act-as-user permissions bit and execute a JQL query from that user, passing in the issueKeys you want to retrieve. Jira then filters out any issues the user doesn’t have access to.

So for example, if your summary has 100 issues from 2 different projects, do an issue search with JQL of something like “issuekey in (ABC-1, ABC-2, TEST-24, etc)”.


Hi @ademoss,

What would you do in case of pagination?

I need to show 100 first issues. So, I collect number of them, filter by user permission, there are 5 left. Then I need to collect more and ask for permissions again and again to reach 100. And if user has lack of permissions I can request many times until I build the full page.

That’s a good question. I don’t have a good answer to that. One potential option would be to change the pagination to “show more”, so you don’t have to deal with returning to a specific page.

Behind the scenes, you might still have to make recursive calls to ‘fill a page’ with enough content. And knowing where to resume would potentially be an issue.
In our case, we retrieve up to 1k keys at a time, and use the last issue key as a reference on where to continue from.

Hope that helps a bit