A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Are there inherited permissions set for the Organisation Admin role and org-admin group?

potato7
potato7
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 13, 2026

I am doing some housekeeping in our user groups to simplify user management and permissions.

I understand that when creating a new user group, you can grant app admin and user access admin "Roles" to any Atlassian app you use. You can also add these groups to Global Permissions and Permission Schemes in Jira, but the options don't include Site Admin or Organisation Admin.

My question is specifically for the pre configured group, "org-admins".

Although this group can behave in the same way as new groups, e.g. Roles can be granted to Apps via 'Grant Access" as "User access admin", "App admin", or "User", and it can be added to Global Permissions  and Permissions schemes in Jira, there seems to be an inherited Roles called "Organisation admin" when a user is added to 'org admin', that I can't figure out where is defined.


We also have 'site-admin' and the Site admin role, but I understand this is a legacy group no longer used.

 

Question 1: I was wondering where this is configured? And if new groups can be created where "Organisation Admin" can be granted?

Question 2: Does the 'org-admin' group need defined Apps and Roles (e.g. "Jira Administration" -> app admin,) or will this be granted by default without any explicit access granted? 

For Question 2, I was wondering if the "org-admins" should basically have an empty tab under "Apps" to enable added users to access "org-level settings, users, and groups, and to view billing" and for app admin to be granted separately in a specific app admin group.

---

See below for a list of defined roles in our instance. The first two aren't available as App Roles, I can only see them when when searching for Users.

 

User Role.png

Answer
Watch
Like Be the first to like this
46 views

1 answer

0 votes
Germán Morales _ Hiera
Germán Morales _ Hiera
Atlassian Partner
June 13, 2026

Hi @potato7, the reason you can't find where "Organization admin" is defined is that it isn't an app role. It's an organization-level role baked into one special group, so it never shows up in a product's Grant access list the way App admin or User access admin do, which is also why the first two roles in your screenshot only appear against users.

That group is org-admins. Atlassian states it directly: whether it's named org-admins or site-admins, this group grants the organization admin role, and you only ever have one of the two depending on when the org was created. You can rename it, but you can't point the organization admin role at an arbitrary new group, and that group can't be a default group for any role. So for question 1, there are two supported ways to grant organization admin, and neither needs a custom granting group:

  • Add the user to the org-admins group.
  • Go to Directory, then Users, open the person, use the more actions menu, then Assign org admin role.

For question 2, org-admins needs no apps or roles defined on it to work. The organization-level capabilities you listed, like org settings, users and groups, and viewing billing, come from the org admin role itself. Separately, Atlassian automatically grants every organization admin the user and app admin role for every app, and those can be removed. The org admin role on its own grants neither app access nor the ability to configure app settings, so your approach is sound: keep org-admins for organization-level administration, remove the automatically granted app admin if you want clean separation, and grant Jira Administration app admin through its own dedicated group.

One correction on the legacy point: the site-admins group name is legacy, but Site admin is still a role of its own for managing a single site, assigned per user from that same more actions menu rather than through org-admins. Check in Directory whether your site-admins group still has members or grants anything before treating it as unused.

Both points are documented here: granting admin roles and the org-admins group and what each admin role can do.

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Account
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security