Hello Community, Team,
I have been looking for an answer to a question I presume a lot of organizations have.
In our Atlassian environment with Jira, Confluence, OpsGenie, etc., I need to find (or create) a role with a very specific task.
These users/groups need to have the ability to suspend access for users and create access for users in our Atlassian products. Following the principle of Least Privilege, they are not to have Billing access or, if they have it, to not be able to modify it.
TL;DR version: we need some accounts to have the User Management role and rights, without giving them access to Billing.
If we remove Org admin from an account - they can't access user management. We need these people to not be Org/Site admin, but have user management without elevating the role.
Any ideas or practices would be greatly appreciated!
As others pointed out, there is a role just like you want - User access admin.
While Samuel linked to documentation related to managing Customer accounts in JSM, this applies to all products: https://support.atlassian.com/user-management/docs/what-are-the-different-types-of-admin-roles/
You do need to be on the "Centralized User Management Experience":
The user access admin role is only available if you have the centralized user management.
If you are not yet on the new experience (i.e. are an older site) – raise a request with Atlassian support via https://support.atlassian.com
Welcome to the community!
You need to add the users to the User access admins role; this will only grant the users access to add/edit/remove users.
Ref: https://support.atlassian.com/user-management/docs/manage-jira-service-management-customer-accounts/
User access admins - They administer users and groups from admin.atlassian.com for a specific product in your organization. This role doesn’t grant access to the product.
Best regards
Sam