Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Project Admin role but also member of group with Developer role -- which permission wins?

Kristine.Mizukami
Kristine.Mizukami March 25, 2024

Hi! I wanted to get clarity about the project roles in Jira.

In our organization, our SOP is to add groups to projects, not individuals.

But we do want to give more permission to the Project Leads so what I'm doing is in Project Settings > People, I gave the Project Lead person Administrators project role, then I added groups and gave them the Developers project role.

Sometimes though, the Project lead person is also a member of a group added to the same project, so he/she has both Administrator and Developer project roles.

In this case, which role will win?

Based on my experience with other systems, the lower permission wins, so it's Developer. Is this the same for Jira? Or will it be a combination of the permissions assigned to both project roles?

I hope my question is not confusing but would really appreciate your answer. Thank you in advance!

Answer
Watch
Like Be the first to like this
687 views

3 answers

3 accepted

2 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 25, 2024

Welcome to the Atlassian Community!

Neither "wins".  Atlassian systems have a simple permissive model (although there are ways to do individual restrictions at an item level).  If you give people admin, they can do admin things.  But just admin, until you let them in as something else as well.

A project lead with Admin and Dev can do everything you've set up for both Admins and Developers to do.  There's no "win", they just have two sets of (probably overlapping) permissions to do things.

One thing that often confuses people about Atlassian stuff is that they have a sensible but counterintuitive administration model.  Admin does not mean "can do anything", it means "can do admin"

My classic example of that is that I have had many jobs where I was the Atlassian system admin in large installations.  Picking one for numbers, as it was a full-time job, I really didn't need or want to see the vast majority of the 20,000 projects or 1 million issues there.  So, as an admin, I removed all my access to everything except the Atlassian support, maintenance, and upgrade projects.

When someone raised a support request, as an admin, I could always temporarily let myself into their project to debug it.

TLDR: No, there's no "win".  If you grant a permission to an account, they can use it.

View More Comments
Kristine.Mizukami
Kristine.Mizukami March 25, 2024

Hi @Nic Brough -Adaptavist- 

Thank you very much for the detailed explanation. I really appreciate the example you gave and fully understand this now. Thank you so much!

Like # people like this
Reply
0 votes
Answer accepted
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 25, 2024

Hi Kristine - Welcome to the Atlassian Community!

There’s not really a who wins kind of conflict in Jira with permissions. There is a permission scheme attached to the project and then specific permissions are given to either groups or project roles or individual persons, for example. So if a person is in two project roles and they both have permission for that item, then they can just do it. It doesn’t really execute as one role or the other. 

Is there a specific example that you have in mind?

View More Comments
Kristine.Mizukami
Kristine.Mizukami March 25, 2024

Hi @John Funk

Thank you very much for answering. I was coming from a Windows administrator point of view, but I did notice there are no "negative" permissions in Jira so I did think maybe the permissions will be just a mix.

For example: Admin can move tasks to other projects, and Dev is not given this permission. So for a person who is both Admin and Dev, will Dev win and he/she won't be able to move a task? (Windows admin thinking. Haha!)

But as all answers here, there isn't a "win" in Jira so the answer for this is the person will still be able to move tasks. I understand this now. Thank you so much!!

Like John Funk likes this
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 25, 2024

Great! Sounds like you have a good handle on it now. Glad we were able to help.

Like Kristine.Mizukami likes this
Reply
0 votes
Answer accepted
Trudy Claspill
Trudy Claspill
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 25, 2024

Hello @Kristine.Mizukami 

Welcome to the Atlassian community!

With Jira you are granting a user permissions, not denying them permissions. So the user will have all the permissions granted to each individual role to which they are assigned.

Example:if the Developer role has the Edit Issues permission but the Administrator role does not, a user assigned to both roles will have the Edit Issues permission.

View More Comments
Kristine.Mizukami
Kristine.Mizukami March 25, 2024

Hi @Trudy Claspill!

Thank you so much. This is very clear. The "not denying" part makes so much sense. Thank you!

Like John Funk likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events