I'm confused with a various levels of administration groups, roles and activities.
What are the scopes? What are the differences? What is created by default and for what purpose?
Can you explain these, please?
Thank you,
Inna
For Server and DC, see https://confluence.atlassian.com/adminjiraserver/managing-global-permissions-938847142.html
For Cloud (as you've said you are on it) you don't actually care - you don't get system admin, only Atlassian do.
Hi @Inna S
Please take a look at this explanation of how permissions work in Jira as it appears to answer your questions:
https://support.atlassian.com/jira-software-cloud/docs/how-do-jira-permissions-work/
Kind regards,
Bill
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you, @Bill Sheboy . This sheds some light, but does not answer the basic questions like how to find all the users that have 'delete' permission, for example.
And what is the best place to observe all the permissions a specific user has across the subscription projects, boards and issues.
Thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In my experience, neither of those questions can be easily answered with out-of-the-box features...as you can see from that documentation description.
One could instead use the "permission helper" to diagnose the permission problems for a user with a specific issue, or investigate their role, group, etc. to solve problems.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The system 'knows' both exact permissions of every user and all users that have all kinds of access to any object in the system.
So surfacing this information is a matter of choice for the Jira makers. It looks to me like they deliberately hide this information to make space for 3rd-party apps.
Because right now the situation is the absence of the usable access audit, including the one to the critical areas like admin operations. And this wouldn't be seen favorably by any audit.
Permission helper is for the one-off troubleshooting. That is better than nothing, but is nearly not enough for any system containing critical and sensitive information.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Agreeing with you: there are lots of opportunities to improve the admin functions in this and the audit logging areas.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.