Cannot enable or save Automation rule due to the error "Either you or the rule actor for this rule is missing some required permissions"

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After configuring an automation rule coming from the add-on Automation for Jira in a project (via the page Project Settings > Project Automation), it is impossible to enable (or save) it due to the following error:

1 2 3 Error Either you or the rule actor for this rule is missing some required permissions: "EDIT_ISSUES"
Screenshot showing the error

The example from this KB will be based in permission EDIT_ISSUES, however the same applies to other missed permission, in accordance with what action is set, as example: ASSIGN_ISSUES, TRANSITION_ISSUES, etc. For those different errors, please validate the corresponding permission.

Diagnosis

Regardless of which root cause is relevant, the first thing to do is to identify the scope of the automation rule and the actor of the automation rule in the Rule Details section, as shown in the screenshot below:

Rule details

Once you have identified the list of the project(s) from the rule scope and the actor of the rule, you can move on to the Diagnosis section for Root Causes 1 and 2.

Diagnosis for Root Cause 1

Go to the page ⚙ > System > Permission Helper, and run the following test for both the actor of the rule and also the user who is trying to enable the rule (both users can be different). Note that this test needs to be run for each project which is in the scope of the automation rule:

  • User: actor (or user trying to enable the rule)

  • Issue: choose one example of an issue key within the project

  • Permission: edit issues

If this test fails for at least one project, and for either the actor or the rule of the user trying to enable the rule, then this root cause is relevant.

Example of test failure:

Example of test failure

Diagnosis for Root Cause 2

Go to ⚙ > Projects > Archive projects, and check if you can see any of the projects defined in the scope of the automation rule listed here:

Archive projects

If you see any of the projects from the rule scope listed here, then this root cause is relevant.

Finding automation rules whose scope is including archived projects via the Jira Database:

If you need to identify the list of all the automation rules which are using an archived project in their scope, you can run the following SQL query below.

Note that the SQL query written above was tested on a PostgreSQL Database. You might need to modify it slightly, in case you are using a different type of Database.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 SELECT rule_project_assoc."RULE_CONFIG_ID", rule_config."NAME", p.id, p.pname, p.pkey FROM propertyentry pe JOIN project p ON pe.entity_id = p.id JOIN "AO_589059_RULE_CFG_PROJ_ASSOC" rule_project_assoc ON p.id = CAST(rule_project_assoc."PROJECT_ID" AS INT) JOIN "AO_589059_RULE_CONFIG" rule_config ON rule_project_assoc."RULE_CONFIG_ID" = rule_config."ID" WHERE property_key = 'jira.archiving.projects' ORDER BY rule_project_assoc."RULE_CONFIG_ID";

Example of output. In the output below, we can see that the 1st rule has 2 archived projects in its scope, while the 2nd rule has 1 archived project:

1 2 3 36 "Some automation rule 1" 10800 "ABC" "Project ABC" 36 "Some automation rule 1" 10301 "DEF" "Project DEF" 61 "Some automation rule 2" 10800 "ABC" "Project ABC"

Cause

Root Cause 1 (applies to both Jira Server and Data Center)

Either the user who is trying to enable the automation rule or the actor of the rule is not granted the Edit Issues project permission across all the projects in the scope of the automation rule.

Please note that currently, the Automation for Jira error message will not explicitly specify a list of projects that lack the required permission for your user. We do have a feature request for adding such functionality in a product that tracks customer interest for this issue:

JRASERVER-72888 - Improve error messages for permission errors to publish automation rules

Root Cause 2 (only applies to Jira Data Center)

One of the projects in the scope of the automation rule was archived.

Solution

Solution for Root Cause 1

Make sure that both the rule actor and the user trying to enable the rule are granted the Edit Issues permission within each project listed in the scope of the automation rule. In case your Automation rule has more than one project in scope, you could verify EDIT_ISSUES permission against a list of the projects using recommendations from Automated verification of user permissions using CLI tools and REST API KB article.

Important note for Jira Service Management projects: for this type of project, a user can only edit issues if this user is acting as an "agent" of the Service Management project, meaning that this user needs to verify the 2 following conditions (in addition to being granted the Edit Issues permission):

  • This user needs to be granted Jira Service Management application access (via a Service Management license)

  • This user needs to be granted the Service Desk Agent

    permission in the project permission scheme

Solution for Root Cause 2

Remove the archived project from the rule's scope.

There is an existing enhancement request aimed at enhancing the error descriptions for this particular scenario: JIRAAUTOSERVER-832: Automation rule should provide correct error message when rule scope has an archived project.

Updated on August 16, 2024

Still need help?

The Atlassian Community is here for you.