YouTrack Standalone 2019.3 Help

YouTrack Permissions

permission is an authorization granted to a user to perform particular operations. Permissions are granted to a user within a role, but not directly.

role is a set of permissions which defines the level of access for a user to particular functionality and operations.

All permissions are divided into two categories:

  • Global permissions are granted within YouTrack's global scope and do not depend on a specific project. For example, you can't grant permission to create users in a single project, you can do it only in the system-wide scope. Global permissions are marked with a global badge in the permissions list.

  • Per-project permissions allow actions related to a specific project. For example, a role with the Read Project Basic permission grants users and groups access to view project properties and content for a specific project. If these users don't have the Read Project Basic permission for other projects in YouTrack, they don't have access to them.

The permissions listed on this page grant access to work with the entities that are managed in the YouTrack service. The permissions are grouped by the entity that they provide access to in YouTrack.

For a list of permissions that are used by the built-in Hub service to regulate access to administrative actions, see Hub Permissions.

Permission Updates for YouTrack 2019.3

When your installation is upgraded to YouTrack version 2019.3, the permissions shown in the following table are removed from the application automatically. Actions that previously required these permissions now require permissions from the Hub service that grant similar levels of access.

Permission

Description

Now Requires

Read Not Own Profile

View profile of any user.

Read User Full

Update Not Own Profile

Edit the profile of any user. Allows users to edit or delete tags and saved searches on the profile pages of other users.

Update User

These permissions granted users access to read and update the YouTrack profiles for other users. The YouTrack profile is the collection of user preferences, personal tags and saved searches, and notification settings that each user can configure for their account.

This update removes the Read Not Own Profile and Update Not Own Profile permissions from all existing roles. The permissions that are now required to perform these actions are not granted automatically. If you created custom roles that were meant to restrict users from viewing or changing this information, you may need to grant the corresponding permission from the Hub service to allow access to this information.

This change specifically affects the default Project Admin role. After the update, users who are assigned this role no longer have the Read Not Own Profile. This means that they can no longer read YouTrack profile settings for other user accounts.

Permission Updates for YouTrack 2019.2

In the 2019.2.55152 release, we updated the YouTrack permission scheme.

Changes to the Permission Scheme

The following table lists the permissions that were added in this update:

Permission

Description

Read Report

Previously, the ability to read reports was not explicitly managed by the permission scheme. Any user who was a member of a group that had permission to view and use the report could view it and read the information shown on it, even without having permission to read issues in the projects that were displayed on the report.

The new Read Report permission gives users permission to view reports that display data from issues in a specific project. This permission gives administrators fine-grained control over who is allowed to access information in projects that store sensitive data.

When your installation is upgraded to version 2019.2.55152, this permission is automatically granted to any role that was previously granted either Read Issue or Create Issue.

Create Report

The ability to create reports was previously granted by the Create Tag, Saved Search or Report permission.

The new Create Report permission gives users permission to create reports that display data from issues in a specific project. Permission to create tags and saved searches is now granted separately.

When your installation is upgraded to version 2019.2.55152, this permission is automatically granted to any role that was previously granted the Create Tag, Saved Search or Report permission.

Share Report

The ability to share a report was previously available to any user who had the Create Tag, Saved Search or Report permission.

The new Share Report permission gives users permission to share reports that display data from issues in a specific project.

When your installation is upgraded to version 2019.2.55152, this permission is automatically granted to any role that was previously granted the Share Tag or Saved Search permission.

Create Tag or Saved Search

Replaces the Create Tag, Saved Search or Report permission. When granted, allows for the creation of tags and saved searches. The ability to create reports is now granted explicitly by the Create Report permission.

When your installation is upgraded to version 2019.2.55152, this permission is automatically granted to any role that was previously granted the Create Tag, Saved Search or Report permission.

Create Work Item

The ability to add work items to issues was previously granted with the Update Work Item permission.

The new Create Work Item permission gives users permission to add work items to issues in a specific project. The ability to update work items is granted separately.

With the addition of a dedicated permission for creating work items, we also redefined the Read Work Item permission. Users with Create Work Item permission are now granted the ability to read their own work items even when they aren't explicitly granted Read Work Item permission. This follows the same model of permission inheritance that was previously applied to issue and comment creation. For more information, see Inherent Permissions.

When your installation is upgraded to version 2019.2.55152, this permission is automatically granted to any role that was previously granted the Update Work Item permission.

The following permission was removed in this update:

Permission

Description

Create Tag, Saved Search or Report

This permission was replaced with the Create Tag or Saved Search permission. The ability to create reports is now granted explicitly by the Create Report permission.

Implied and Dependent Permissions

We've added implicit links between permissions where actions that are granted by one permission are technically impossible without the other. This approach makes it easier to define custom roles with the appropriate access rights.

  • When you add a permission with implied permissions to a role, the implied permissions are added to the role automatically.

  • When you remove a permission with dependent permissions to a role, the dependent permissions are removed from the role automatically.

When your installation is upgraded to version 2019.2.55152, all of the permissions that are implicitly linked to other permissions are automatically added to any role that requires the implied permission.

For example, the Read Project Basic permission is added to any role that grants users either Read Issue or Create Issue permission in a project. It's technically impossible to view or create issues without being able to read basic project properties like the project name and project ID, so the Read Project Basic permission is granted implicitly.

To view the sets of implied and dependent permissions, select a permission and open the Details panel in the sidebar.

Details sidebar showing the implied and dependent permissions for the Read Issue Private Fields permission.

Inherent Permissions

When you have permission to create something in YouTrack, you inherit the permission to read and update your own content. You still require explicit permission to read and update content that was posted by other users. This behavior applies to issue reporters, commenters, and work authors.

  • Issue reporters always have permission to view public fields, update public fields, and add links to the issues that they created. This means that users who are granted the Create Issue permission in a project can perform these actions with the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions.

    However, users can't delete their own issues without the Delete Issue permission.

  • Users who have the Create Comment permission inherit the permission to read and update their own comments, even when they don't have Read Comment and Update Comment permissions.

  • Users with the Create Work Item permission inherit the permission to read and update their own work items, even when they don't have Read Work Item and Update Work Item permissions.

This also applies to users who have the Add Attachment permission. Users who attach files to an issue inherit the ability to modify these files and restrict their visibility without the Update Attachment permission.

Permission

Description

Create Issue

Create (report) issues in a project.

Users with this permission can view public fields, update public fields, and add links to the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions.

Implies Read Project Basic.

Delete Issue

Delete issues.

Link Issues

Add links that define relationships between issues.

Users with the Create Issue permission inherit the permission to add links to their own issues whether they are granted this permission or not. However, they can only add links to issues that they have permission to read.

Override Visibility Restrictions

View issues, comments, and attachments that are hidden by visibility settings.

Read Issue

View issues and read public fields.

Users with the Create Issue permission inherit the permission to read their own issues whether they are granted this permission or not.

Implies Read Project Basic.

Read Issue Private Fields

View private fields in issues.

Implies Read Project Basic.

Update Issue

Update the values for public fields in issues.

Users with the Create Issue permission inherit the permission to update their own issues whether they are granted this permission or not.

Update Issue Private Fields

Update the values for private fields in issues.

Implies Read Issue Private Fields.

Update Watchers

Add other users to the list of watchers for an issue.

View Voters

View the list of users who have voted for an issue (available in single issue view).

Implies Read Project Basic.

View Watchers

View the list of users who are watching an issue (available in single issue view).

Implies Read Project Basic.

Permission

Description

Add Attachment

Attach files to issues.

Delete Attachment

Delete any file that is attached to an issue.

All users can delete the files that they attached to issues themselves even when they are not explicitly granted this permission.

Update Attachment

Modify files attached to issues and restrict attachment visibility.

All users can update visibility settings for the files that they attached to issues themselves even when they are not explicitly granted this permission.

Permission

Description

Create Comment

Add comments to issues.

Users with this permission inherit the permission to read and update their own comments, even when they don't have Read Comment and Update Comment permissions.

Delete Comment

Delete comments that they have added to issues.

Delete Not Own and Permanent Comment Delete

Delete comments that were added to issues by other users and delete comments permanently.

Implies Read Comment.

Read Comment

View comments that have been added to issues.

Users with the Create Comment permission inherit the permission to view their own comments whether they are granted this permission or not.

Update Comment

Edit comments that they have added to issues.

Update Not Own Comment

Edit comments that were added to issues by other users.

Implies Read Comment.

Permission

Description

Create Not Own Work Item

Create work items and set another user as the work author.

Implies Create Work Item.

Create Work Item

Add work items to issues.

Users with this permission inherit the permission to read and update their own work items, even when they don't have Read Work Item and Update Work Item permissions.

Read Work Item

View the list of work items in an issue.

Users with the Create Work Item permission inherit the permission to read their own work items whether they are granted this permission or not.

Update Not Own Work Item

Edit work items created by other users.

Implies Read Work Item and Update Work Item.

Update Work Item

Add and edit work items to an issue.

Users with the Create Work Item permission inherit the permission to update their own work items whether they are granted this permission or not.

Permission

Description

Create Report

Create reports that present data from issues in a project.

Implies Read Report.

Read Report

View reports that present date from issues in a project.

Share Report

Update the settings that allow members of specific groups to view and use a report or edit the report settings.

Implies Read Report.

Permission

Description

Create Tag or Saved Search

Create tags and saved searches.

Delete Tag or Saved Search

Delete the tags and saved searches that they have created.

Edit Tag or Saved Search

Edit the tags and saved searches that they have created. Allows users to edit tags and saved searches if the user is a member of the group that is allowed to edit the tag or saved search.

Share Tag or Saved Search

Update the settings that allow members of specific groups to view and use a tag or saved search or edit its settings.

Last modified: 16 March 2020