400 error, Security Level is required

Douglas Earl April 17, 2015

I'm using the REST API to create a new issue (a POST to .../rest/api/2/issue) from a Windows client. The response is 400 (bad request), and includes this response:

{"errorMessages":[],"errors":{"security":"Security Level is required."}}.

This is from a customer of ours, so I can't reproduce the error myself. Can someone point me in the direction to understanding what our customer would need to configure in order to use the API?

Thanks for any tips you have.

3 answers

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

1 vote
Douglas Earl April 24, 2015

Turns out I can get information about the security field via createmeta, with a parameter to expand the fields:

/rest/api/2/issue/createmeta?projectKeys=xyz&expand=projects.issuetypes.fields

This will return whether or not the field is defined for each type of issue, whether it's required, and a list of allowable values.

Sergiu December 20, 2018

Hi Doug,

When performing the /rest/api/2/issue/createmeta API call are you using a privileged user (like admin or a user that has access to all security levels) ?
I'm performing the same call and do not receive any information regarding security levels.

Thanks

Sergiu December 21, 2018

I finally managed to receive the security field in the metadata response. The condition is that the user making the metadata request needs to have the Set Issue Security permission enabled on the project level.

Like Douglas Earl likes this
0 votes
Andy Nguyen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 17, 2015

Hi Doug,

how do I know when the field is required

It's better if you can check this in JIRA UI, by visiting the Field Configuration used by the project and see if Security Level is a Required field or not. Since each project may use a different Field Configuration Scheme which contains one or more Field Configurations, it's understandable that "it's not always required".

which id to use

Run this SQL query to find out all the available Security Level IDs (and related info) for the project:

SELECT p.pname as "Project Name", p.pkey as 'Project Key', iss.id as "Scheme ID", iss.name as "Scheme Name", ss.security as "Security Level ID", sl.name as "Security Level Name", ss.sec_type as "Granted Type", ss.sec_parameter as "Granted Value" FROM project p INNER JOIN nodeassociation na ON p.id = na.source_node_id INNER JOIN issuesecurityscheme iss ON na.sink_node_id = iss.id INNER JOIN schemeissuesecurities ss on iss.id = ss.scheme INNER JOIN schemeissuesecuritylevels sl ON ss.security = sl.id WHERE na.sink_node_entity = 'IssueSecurityScheme' AND p.pkey = 'DEMO'

You need to modify the project key accordingly. In this example, DEMO is used.

Then you should be able to determine where Security Level is Required and which ID to use properly.

Cheers.

0 votes
rsperafico
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 17, 2015

Hello Douglas,

Thank you for your question.

Please, refer to https://confluence.atlassian.com/display/JIRA/Configuring+Issue-level+Security documentation for further information.

As the REST API call /rest/api/2/issue suggests one of the parameters is:

{
    "update": {
        ...
    },
    "fields": {
        ...
        "security": {
            "id": "10000"
        },
	}
}

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Douglas Earl April 17, 2015

Yes, that helps. I think I misunderstood the error. So it's saying the security level is required in the client request. Is that correct? I guess I was thinking it was something that the user had to configure on the server side, like getting assigned to the appropriate security level group (sorry I'm not much of a JIRA admin).

If I've got that right, then how do I know when the field is required (because clearly it's not always required since it's working elsewhere without it), and which id to use? Since many different customers will use our client software with different installations, or with JIRA Cloud, it doesn't seem like hard-coding 10000 would be the right approach. And there doesn't seem to be a way to query available security levels since /rest/api/2/securitylevel requires an id.

Thanks,

Doug

Like Sergiu likes this

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

TAGS
AUG Leaders

Atlassian Community Events