Say ‘hi’ to our new user access admin role

User admin can't remove users if they have access to an app? So really to remove an user you need org admin?

@Kieren thanks for this update, Kieren! I think this helps and has great potential ... One question, if this removes the need for site and trusted admins. Is there possibility in future for custom admin roles at all? Looking forward to the new comments on this ... Thank you

Hi @Joseph Blasi - Apps don't have a separate user access, their access is derived from the product access. So this new admin role will be able to remove users from any product, regardless of app usage.

@Yatish Madhav - No plans right now. But it is something we'll look into, once we have this fully rolled out.

OK thanks for that @Kieren  -  I will be sure to look out for that :) As for this, when can we expect this and the other user/groups UI updates to be rolled out?

@Yatish Madhav - We'll starting rolling out this new role in April late 2022. The other UI updates have been rolling out for a while now, and will continue to do so for a number of months.

If you'd like to know when your specific Site will be updated, you can raise a support ticket with the question, and they'll redirect it to my team.

Thanks @Kieren - I have done so. I have been notified that Org admins will be notified a month prior and when it is updated on the account. THat ticket is closed now so the wait begins :)

This is wonderful news, and will really help streamline administration duties! Thanks Atlassian!!

Also love that Trusted User is getting removed, it's always been a bit confusing as that role grants admin privileges (and more) without being called admin. Always been a tough one to wrap my head around.

hi

Any update on this???

@Shane Johnson we've had some delays, but should be rolling this out to new customers around May/June 2023 and moving existing customers onto it from June through to the end of 2023.

I am new to JIRA & enjoying the learning.

Hello,

Any update on the status of this for May/June?  And how do we get at the "front of the line" for the rollout as we have a pressing need for this new functionality.

Thanks,

Mark

This sounds like a great step! Some questions:

1. This new role can both manage existing users and invite new ones. If we have "invite users" disabled at the org-level, is it correct that this functionality is also disabled for this role?

2. When you say that these user admins can grant product access "only for their specific products" does this mean if they have a Jira licence for themselves to access Jira, they can also add\remove others from Jira access?

3. Related to 2, I see several things around changing product access that are coming later on....are these going to be disable-able at all or will this role automatically and irrevocably get access to these things?

"Groups" has always been one of those things we couldn't really take advantage of because:

• The best way to handle change management in Jira has been keeping the admin pool as small as possible.
• Jira admins are the only ones who can manage groups.
• Jira admins almost always have better things to do with their time.

I'd love to be able to delegate management of them to non-admins, but I can't have them changing what products people have access to or adding\removing users.

If this gets me out of group management w/still controlling licenses I'm all for it!!!!! 

Would I be able to use this to make my automation user a non-billable seat?

@Haddon Fisher 

1. This new role can both manage existing users and invite new ones. If we have "invite users" disabled at the org-level, is it correct that this functionality is also disabled for this role?

No, the "Invite users" feature is only applicable to regular product users, not users of admin.atlassian.com (i.e. Org Admins or the User Access Admin).

2. When you say that these user admins can grant product access "only for their specific products" does this mean if they have a Jira licence for themselves to access Jira, they can also add\remove others from Jira access?

No, it means that the User Admin can be allowed to grant a license to Jira Software (for example), but no other products. Regardless of if they have a User or Product admin role in that product or any other product. Having a license to use Jira Software and having the User Admin role, are two different (non-related) permissions. You can combine them though, so one user can have both a user role in JSW and a User Admin role for JSW. And this would allow them to both use Jira and invite users to it.

3. Related to 2, I see several things around changing product access that are coming later on....are these going to be disable-able at all or will this role automatically and irrevocably get access to these things?

I'm not sure what things you're referring to sorry. Generally speaking, the User Admin role will only be able to invite/add/remove users to products and add/remove users from groups. Later on, we'll expand it to also manage the 'User Access Settings'.

"Groups" has always been one of those things we couldn't really take advantage of because:

• The best way to handle change management in Jira has been keeping the admin pool as small as possible.
• Jira admins are the only ones who can manage groups.
• Jira admins almost always have better things to do with their time.

I'd love to be able to delegate management of them to non-admins, but I can't have them changing what products people have access to or adding\removing users.

We do have plans for more features to address this issue, i.e. allowing certain users to only add users to specific groups from within your userbase. I'm sure there'll be more info in another blog post later on.

Will this change/addition of the User Admin be able to manage the Portal Only users (customers) accounts as well? Is it possible for someone to be granted this role or User Admin and still not be admin over on a project (so that they do not tinker and make changes)?

Thanks

Hi @Kieren thanks for the answers. I think I'm not quite getting what I need, so let me ask this question in another way:

Is there a way to set this new role up such that users in it can add\remove users from groups but cannot impact licencing in any way (including adding\removing users from licence-granting groups such as the 'jira-users' or 'confluence-users' groups)?

We need a way to allow group management alone, without exposing add\remove licencing.

@Kieren What is the current roll-out status of this announcement?

I'm still seeing the current/old roles Basic, Trusted and Site administrator.

Hi @Kieren , thanks for the update and good luck with the rollout.

Quick question, what about approving domains and creating invitation links? Is user admin any good for that?

@Kieren commenting, 10 months later, I can only imagine the delays and technicalities for this - I am assuming this is due to the new user UI and group editting feature as well? Thank you

Any ETA?

@Kieren this was just rolled out to our instance, I will check it out later today ... but support mentioned that it is in beta. Hope there is general availability of it real soon :) Just putting it out there so that the rest of Atlassian folk are aware of that (I hope I am not mistakening anything on this vs the User Access Admin role) Thank you

We received the update today and it was not very productive. Simple tasks that we used to do with the site admin role are no longer available, such as activating and deactivating users and exporting the base to a CSV. Would it be interesting to have an intermediate role between org admin and user admin, where it is possible to have the same permissions as the old site admin?

We've also just received an email about role changes for one org that we administer. Even though you can get to the correct admin hub by clicking on Download CSV button, it would be great if mail stated to which org this feature has been rolled out as we administer a lot of cloud instances.