I’m building a C# app that creates JIRA tickets automatically through the SOAP API. The app should let developers pick who gets assigned to each ticket from a dropdown menu.
Right now I’m running into a problem. When I try to get the list of project members using a regular user account, JIRA throws an error saying I need admin rights. But I don’t want to put admin login details directly in my code since other people can see it.
Here’s my current setup:
JiraSoapService client = new JiraSoapService();
string authToken = client.login("regular_user", "user_pass");
// This line fails - says I need admin permissions
var teamMembers = client.getProjectRoleActors(authToken, roleObject,
client.getProjectByKey(authToken, "PROJ"));
Is there a way to give my regular user account just enough permissions to view the user list without making it a full administrator? I really need to avoid hardcoding admin credentials.
Any ideas how to solve this?
Had the same issue with JIRA’s SOAP API last year. The getProjectRoleActors method needs way higher privileges than you’d expect. We switched to the REST API - it handles permissions for user queries much better. If you’re stuck with SOAP, try getProjectRoles first to grab the role IDs, then call getGroup for each role instead of hitting getProjectRoleActors directly. This skips some of the stricter permission checks. Also check if your JIRA instance has custom permission schemes blocking the call even when you have proper global permissions. Some orgs lock down user enumeration for security no matter what API permissions you have. You might need your JIRA admin to create a custom permission scheme for your project that allows user list access without full admin rights.
Had this exact issue two years ago during our ticketing system migration. We solved it by creating a dedicated service account for API operations instead of messing with regular user permissions. Create a new JIRA user with “Browse Users and Groups” global permission - this lets it pull user lists and project roles without full admin access. You’ll find this in Global Permissions under JIRA administration. We also added our service account to the “jira-developers” group and gave that group the project-level permissions to view members across all relevant projects. This keeps your regular accounts secure while giving the API what it needs. Store the service account credentials in your app’s config file or environment variables - don’t hardcode them. Way cleaner than trying to work around the permission requirements.
check your project role setup first - the issue might not be global permissions but how project roles are configured. Go to project settings > people and verify your user has a role that can view other members. try getUsersInGroup() instead of getProjectRoleActors() for the dropdown - it works better with limited privileges.