How to find group usage in permission schemes for Jira Cloud via REST API and Python
プラットフォームについて: Cloud のみ - この記事は クラウド プラットフォームのアトラシアン製品に適用されます。
要約
At the moment it's currently not possible to check if a group is being used in a permission scheme in Jira cloud site. Refer known limitation below
Group usage - List of project permission per group
JRACLOUD-71967 - Getting issue details... STATUS
注意
This article's intention is only to provide a Jira Administrator with information about where a specific group is used in regards to Project level permission schemes. This is not the only place that groups might be used within Jira. There are also other objects such as Global Permissions, Filter shares, Filter subscriptions, Dashboard permissions, etc.
環境
Jira Cloud
ソリューション
Jira admins can make use of following REST APIs which are publicly documented here : https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/
Jira cloud REST api used
Get all permissions schemes: https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permission-schemes/#api-rest-api-3-permissionscheme-get
Get permission scheme grant : https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permission-schemes/#api-rest-api-3-permissionscheme-schemeid-permission-get
注意
The below script is beyond the scope of Atlassian support. We do not officially support providing scripts or maintaining them as per our support offerings. Any request to assist with running or debugging this script is beyond Atlassian support scope.This is provided as a workaround for the original feature request. For any updates on the ticket please follow here : JRACLOUD-71967 - Getting issue details... STATUS
Use the following Python code snippet. Save this file with .py extension.
- Replace the group_name with the one you are interested to search for in permission schemes.
- Replace jira_url with your site name. For e.g https://xyz.atlassian.net
- Replace email with your email id, make sure you have relevant permission to run these apis. Required permissions can be checked on the pages referenced above.
- Replace <api_token> with your api token. You can check how to generate api token here : Generate API token
import requests
group_name = "m-users"
jira_url = "https://<sitename>.atlassian.net"
auth = ("email", "<api_token>")
# Get all permission schemes
permission_schemes_url = jira_url + "/rest/api/3/permissionscheme?expand=group"
response = requests.get(permission_schemes_url, auth=auth)
permission_schemes = response.json()
# Iterate over all permission schemes
for permission_scheme in permission_schemes["permissionSchemes"]:
# Get all permissions for a permission scheme
permission_url = jira_url + "/rest/api/3/permissionscheme/{}/permission?expand=group".format(permission_scheme["id"])
response = requests.get(permission_url, auth=auth)
permissions = response.json()
#print(permissions)
# Check if the specific group is used in the permission scheme
for permission in permissions["permissions"]:
#try:
if "group" in permission ["holder"]:
if permission["holder"]["parameter"] == group_name:
print("Permission scheme '{}' uses group '{}'".format(permission_scheme["name"], group_name))
break
#except KeyError:
# print("key error in permission")
Sample output below. The above python script prints all the permission schemes where a particular group is being used.
% python3 group.py
Permission scheme 'Copy of NEWPROJ:permission scheme' uses group 'm-users'
Permission scheme 'Default Permission Scheme' uses group 'm-users'Please refer the screen recording for the above steps on running Python script to check if group is being used in a permission scheme :
GroupPermission_2024-09-24T07_31_32.860Z (2).mp4