Sometimes, there’s a need to set certain projects to read-only mode, perhaps during maintenance or when you want to limit access for specific users or groups. This blog post will guide you through the process of making Jira projects read-only using a Python script that saves which project uses which permission schemes to a CSV file.

The Challenge

In Jira, project permissions are crucial for controlling access and defining user roles within each project. However, changes to these permissions can be time-consuming and error-prone when done manually, especially in larger instances with numerous projects.

The Solution

This Python script uses the Jira API to automate the process of managing project permissions. This script provides two main functionalities:

1. Project Permissions Restore

If you need to revert project permissions to a previous state, the script allows you to restore permissions based on a backup. This ensures that you can quickly recover from any undesired changes or unexpected issues.

2. Set Projects to Read-Only

For scenarios where you want to enforce a read-only mode across multiple projects, the script facilitates this by setting a predefined read-only permission scheme. This is particularly useful for limiting changes during maintenance periods or when transitioning projects to a different place after a migration to the cloud for example.

How It Works

The script utilizes the Jira API and the ‘jira’ Python library to interact with your Jira instance. It prompts the user to choose between restoring projects or setting them to read-only. Additionally, the user is asked to input the ID of the read-only permission scheme.

The script then reads or writes project permissions based on the user’s choice, ensuring a seamless and controlled process.

Prerequisites

Before using the script, ensure you have:

  • A Jira Cloud instance
  • Python installed on your machine
  • The ‘jira’ library installed (pip install jira)

Getting Started

  1. Download the script.
  2. Replace placeholders for Jira URL, username, password, and other variables with your own details.
  3. Run the script and follow the prompts to restore or set projects to read-only.

Python Script to Export Permission Schemes:

from jira import JIRA
import csv
import sys

def get_user_input():
    read_only_permission_id = input("Enter the ID of the read-only permission scheme: ")
    user_choice = input("Do you want to restore projects or set them to read-only? (restore/read-only): ").lower()

    if user_choice not in ['restore', 'read-only']:
        print("Invalid choice. Exiting.")
        sys.exit()

    restore = 'yes' if user_choice == 'restore' else 'no'
    return restore, read_only_permission_id

def initialize_jira_instance():
    URL = "https://<domain>.atlassian.net"
    USERNAME = "<email>@<domain>.com"
    PASSWORD = "<token>"
    return JIRA(server=URL, basic_auth=(USERNAME, PASSWORD))

def write_mappings_backup(projects, current_permissions_schemes_csv, fieldnames, jira):
    with open(current_permissions_schemes_csv, 'w', newline='') as fout:
        writer = csv.DictWriter(fout, fieldnames=fieldnames)
        writer.writeheader()
        for project in projects:
            if not hasattr(project, "archivedDate") and not project.style == "next-gen":
                permission_scheme = jira.project_permissionscheme(project.key)
                writer.writerow({fieldnames[0]: project.key, fieldnames[1]: permission_scheme.id, fieldnames[2]: permission_scheme.name})

def restore_permissions(projects, current_permissions_schemes_csv, fieldnames, jira):
    with open(current_permissions_schemes_csv) as csvfile:
        reader = csv.DictReader(csvfile, delimiter=',')
        for row in reader:
            project = jira.project(row[fieldnames[0]])
            project.self += "/permissionscheme"
            project.update(id=row[fieldnames[1]])

def set_projects_to_read_only(projects, read_only_permission_id):
    for project in projects:
        project.self += "/permissionscheme"
        project.update(id=read_only_permission_id)

def main():
    restore, read_only_permission_id = get_user_input()
    current_permissions_schemes_csv = 'current_permission_schemes.csv'
    fieldnames = ['project_key', 'permission_scheme_id', 'permission_scheme_name']

    jira = initialize_jira_instance()
    projects = jira.projects()

    if restore == 'yes':
        restore_permissions(projects, current_permissions_schemes_csv, fieldnames, jira)
    else:
        write_mappings_backup(projects, current_permissions_schemes_csv, fieldnames, jira)
        # Comment this block if you only want to test the backup file
        set_projects_to_read_only(projects, read_only_permission_id)

if __name__ == "__main__":
    main()

You can customize the script to meet your organization’s specific needs and easily manage project permissions in Jira.