Need way to restrict “Change access” so only org admins can use it (team‑managed & JSM)

@Vallala Ujwala -

I believe you need to ensure each project's "Administrator" role is only assigned to org admin (JSM project) + Project's Permission Scheme - Administer projects right is only granted to org admin.

For Team Managed project type project, by enforcing the what you wanted, it defeats the purpose of having Team Managed projects to be utilized in your site.

By default - project's Administrators role members manages the space access and permissions given to the his/her project users.  

Hope this helps.

Best, Joseph Chung Yin

Hi @Vallala Ujwala 

@Joseph Chung Yin and @Arkadiusz Wroblewski are both right here.

But if you are on a Free subscription of Atlassian, there are nog permission configurations possible, as this can only be achieved on paid subscriptions.

Hello @Vallala Ujwala 

in Jira Cloud you can’t really do “project admin, but not allowed to change access”.

In team-managed (and JSM team-managed service projects), the Administrator role is basically “you can configure the project”, and that includes Change access. There’s no separate switch to lock that down only to org admins while still letting team leads be project admins.

So your real options are:

Governance option: only put your org-admins in the team-managed Administrator role. Everyone else gets lower roles.

Strict control option: use company-managed projects for anything that needs centralized permission control.

And as a preventive measure: limit who can create team-managed projects, otherwise new “locally controlled” projects will keep popping up.

Short version: team-managed is designed for local autonomy. If you need “only org admins can change access”, you either remove admin from others or go company-managed for governed projects.