Admin permissions global, or do they need to go through permission schemes as well?

I have all the admin group assigned to me as admin, however I was told this does not give me all rights to a project, board or other things within my JIRA instance.  Are there other permissions I will need?  My current permission groups are:

  • Administrators
  • JIRA-Administrators
  • Site-Admins

 

1 answer

1 accepted

2 votes

Permission to a project is determined by the project permissions. See https://confluence.atlassian.com/adminjiraserver071/managing-project-permissions-802592442.html.

You can add one of the admin groups to the "Browse Projects" permission in the permission schemes to make it easier!

Thanks Jobin for the quick response!  

I actually did look at the article you reference, however that did not clearly state if being in an admin group does or doesn't give you permissions to everything in JIRA.  Based off your response, I gather it is "no", correct?

So, that means I have to go into any and all permission schemes and add admin in order to have admin permission to those projects/boards, correct?

Finally, can you tell me why you suggest I add the admin group to "Browse Projects" permission instead of the "Administer Projects" scheme?  Is there something more advantageous about adding it to "Browse Projects"?

Thanks Jobin!

You have understood Jobin perfectly.  Administrative rights give you admin rights.  Not permission to do everything (because that's a terrible security model).  If you want project rights, you have to grant them to yourself.  Including project admin.

It is quite common (and useful) to give browse to system administrators so that they can see everything, but without polluting the projects with other things (do you need your admins to be assignable in a dev project?  Able to transition stuff they don't care about because they're not your developers?  And so-on).  Granting an admin the project admin right doesn't do much either - project admins can add and remove users and groups in the project, and maintain versions and components.  None of those are generally needed by system admins, and on the rare times a system admin needs them, they have the rights to add themselves anyway.

Thanks Nic - so then question, for me to be able to Schedule Issues, do I need to add myself to any new permission schemes?  I ask because it doesn't seem I have the ability to do it, but if I go to the permission helper and I ask if a user (myself) has access to schedule issues, it says I already have this permission.  But it seems like I cannot modify the due dates.  Ideas? 

It depends on the schemes.  Go to the project and look at the permission scheme - what's the rule that says "these people can schedule issues"?  I'd strongly recommend not touching the scheme, but instead, modify your account to match the rule.  Ideally, schemes will say things like "Schedule: Role X", so you would put your account in role X in that project to get the rights to do it.

However, that's a generalised answer.  It actually sounds like you may have something broken somewhere.  If the permission helper says you have permission to schedule issues, then you should indeed be able to change the due date.  But there are other ways to stop you doing it too.  Could you check the "edit" screen - does the field appear there?  Is the issue closed?  Can you click the due date on the issue view to edit it?

 

Hi Nic, Ok, so I looked at what you said (I think) and what I'm seeing is that Project Role "atlassian-addons-project-access" and "Administrators" (which is a group I'm in) and Application Access is "Any logged in user".  Is this what you were asking me to look at?

No, I asked to look at who has "schedule" permission and if the due-date field appear on the edit screen.

Ah, Ok - nobody does right now.  That's our problem.  I'm trying to figure out how to get this field visible to my team, and I was starting with my own login to troubleshoot, and then when I figure it out apply it to the project. 

Ok, the date will not appear if you don't have permission.  Start by granting that permission to someone (I'd usually grant it to the role of developers, and put myself into that role to test it)

Oh, for some reason I didn't even see that 'Grant Permission' button on the top of the scheme page!  Duh.  Ok, that worked beautifully.  Thanks Nic!!

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Bridget Sauer
Published an hour ago in Marketplace Apps

Calling all developers––You're invited to Atlas Camp 2018

 Atlas Camp   is our developer event which will take place in Barcelona, Spain  from the 6th -7th of   September . This is a great opportunity to meet other developers and get n...

13 views 0 0
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you