Implement a dynamic update option for steps related to user issue fields, group issue fields and group step in Jira.

This feature allows for the modification of these steps before they are finalized based on the issue field behavior, including:

• Replacing the step value - When replacing an active step, it's important to promptly notify the current approver that their approval is no longer necessary.

• Adding additional steps

• Removing the step

Introduce a checkbox at the definition level, which requires global admin approval to activate this feature.
Moreover, incorporate an icon in the issue view on the approvals page to indicate that the step is updatable and utilizes parallel groups.

Accepted criteria

• Dynamic updates can be made to steps related to user issue fields and group issue fields before they are finalized.

• The feature supports replacing values, adding steps, or removing values.

• Functionality is restricted to steps that are active or awaiting.

• A definition-level checkbox for global admin approval is implemented.

• An icon indicating updatable steps is displayed in the issue view on the approvals page.

Current limitations regarding group updates:

There is no easy way to get info about group updates (users added, users removed). Jira doesn't provide webhooks for group membership changes.

1. Use webhooks from the Atlassian Administration Audit Log (organizational audit log webhooks). The audit log includes events related to users/groups, including adding/removing users to/from groups.

   How to approach this architecturally:

   In Atlassian Administration → Insights/Security → Audit log → Settings → Webhook, register a URL webhook (you can have multiple webhooks per organization).

   This webhook is directed to:

   Your backend (the simplest method), or

   A Forge endpoint (e.g., Forge Remote/HTTP endpoint), which then updates the permissions/group cache in your application.

   When you receive an event such as "user added to group / removed from group," you refresh the cache for that user/group.

   But for users to define these webhooks, this functionality requires either a Jira Cloud Enterprise subscription or a lower Jira subscription with Atlassian Guard subscription, which is an additional fee (a few dollars per user).

2. Audit Log Polling.
   Poll the Jira Audit Log API at regular intervals (every 5 minutes) to detect when users are added or removed from groups.

   How it works:

   1. Periodically call GET /rest/api/3/auditing/record endpoint per instance (so multiple calls) with a timestamp filter

   2. Parse audit records for "User added to group" and "User removed from group" events

   3. Extract group ID, user ID, and change type from each relevant record

   4. Store the last check timestamp to avoid reprocessing old events

   Requirements:

   • "Administer Jira" global permission for the Connect app

   • OAuth scope: read:audit-log:jira

     This solution requires making multiple calls for each instance every few minutes. Atlassian is currently introducing API calls limits, so this solution is not ideal.
     

That's why group step updates tasks are in gathering interest status.