How to find group usage in permission schemes for Jira Cloud via REST API and Python
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
It's not possible to check if a group is being used in a permission scheme in the Jira cloud site at the moment. For a known limitation, refer to JRACLOUD-71967.
Note
This article's intention is only to provide a Jira Administrator with information about where a specific group is used in regards to Project level permission schemes. This is not the only place that groups might be used within Jira. There are also other objects such as Global Permissions, Filter shares, Filter subscriptions, Dashboard permissions, etc.
Solution
Jira admins can make use of the following REST APIs which are publicly documented here: https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/
Jira cloud REST api used
Get all permissions schemes: https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permission-schemes/#api-rest-api-3-permissionscheme-get
Get permission scheme grant: https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permission-schemes/#api-rest-api-3-permissionscheme-schemeid-permission-get
Note
The script below is beyond the scope of Atlassian support. We do not officially support providing scripts or maintaining them as per our support offerings. Any request to assist with running or debugging this script is beyond Atlassian support scope.This is provided as a workaround for the original feature request. For any updates on the ticket, please follow here: JRACLOUD-71967.
Use the following Python code snippet. Save this file with .py extension.
Replace the group_name with the one you are interested in searching for in permission schemes.
Replace jira_url with your site name. For e.g https://xyz.atlassian.net
Replace email with your email ID. Make sure you have relevant permissions to run these APIs. Required permissions can be checked on the pages referenced above.
Replace <api_token> with your api token. You can check how to generate api token here: Generate API token
python script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
import requests
group_name = "m-users"
jira_url = "https://<sitename>.atlassian.net"
auth = ("email", "<api_token>")
# Get all permission schemes
permission_schemes_url = jira_url + "/rest/api/3/permissionscheme?expand=group"
response = requests.get(permission_schemes_url, auth=auth)
permission_schemes = response.json()
# Iterate over all permission schemes
for permission_scheme in permission_schemes["permissionSchemes"]:
# Get all permissions for a permission scheme
permission_url = jira_url + "/rest/api/3/permissionscheme/{}/permission?expand=group".format(permission_scheme["id"])
response = requests.get(permission_url, auth=auth)
permissions = response.json()
#print(permissions)
# Check if the specific group is used in the permission scheme
for permission in permissions["permissions"]:
#try:
if "group" in permission ["holder"]:
if permission["holder"]["parameter"] == group_name:
print("Permission scheme '{}' uses group '{}'".format(permission_scheme["name"], group_name))
break
#except KeyError:
# print("key error in permission")
Sample output below. The above python script prints all the permission schemes where a particular group is being used.
Output
1
2
3
% python3 group.py
Permission scheme 'Copy of NEWPROJ:permission scheme' uses group 'm-users'
Permission scheme 'Default Permission Scheme' uses group 'm-users'Was this helpful?