Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Need way to restrict “Change access” so only org admins can use it (team‑managed & JSM)

Vallala Ujwala
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 26, 2026

I’m trying to enforce a strict access control model in my Jira Cloud site

Only Org Admins (group: org-admins) should be able to change project/space access and permissions.
Other project admins (including test admins / team leads) must not be able to change access.

3 answers

3 votes
Joseph Chung Yin
Community Champion
February 26, 2026

@Vallala Ujwala -

I believe you need to ensure each project's "Administrator" role is only assigned to org admin (JSM project) + Project's Permission Scheme - Administer projects right is only granted to org admin.

For Team Managed project type project, by enforcing the what you wanted, it defeats the purpose of having Team Managed projects to be utilized in your site.

By default - project's Administrators role members manages the space access and permissions given to the his/her project users.  

Hope this helps.

Best, Joseph Chung Yin

1 vote
Marc -Devoteam-
Community Champion
February 27, 2026

Hi @Vallala Ujwala 

@Joseph Chung Yin and @Arkadiusz Wroblewski are both right here.

But if you are on a Free subscription of Atlassian, there are nog permission configurations possible, as this can only be achieved on paid subscriptions.

Arkadiusz Wroblewski
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
February 27, 2026

Thats true.

Like Marc -Devoteam- likes this
0 votes
Arkadiusz Wroblewski
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
February 26, 2026

Hello @Vallala Ujwala 

in Jira Cloud you can’t really do “project admin, but not allowed to change access”.

In team-managed (and JSM team-managed service projects), the Administrator role is basically “you can configure the project”, and that includes Change access. There’s no separate switch to lock that down only to org admins while still letting team leads be project admins.

So your real options are:

Governance option: only put your org-admins in the team-managed Administrator role. Everyone else gets lower roles.

Strict control option: use company-managed projects for anything that needs centralized permission control.

And as a preventive measure: limit who can create team-managed projects, otherwise new “locally controlled” projects will keep popping up.

Short version: team-managed is designed for local autonomy. If you need “only org admins can change access”, you either remove admin from others or go company-managed for governed projects.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events