Can you exclude administrators from certain JIRA projects?

Richard Davies July 26, 2016

Is it possible to exclude administrators from a specific project? We have a handful of people in the company who have experience of administering JIRA and are set up as administrators with the jira-administrators group. We would like to start using JIRA for some HR functions that would contain confidential information that should not be visible to some of those people who act as administrators for the rest of JIRA.

Is it possible to prevent them from accessing this project, and crucially, prevent them from granting themselves access to it? Possibly by introducing a higher level group that would exclusively hold the ability to grant access to this project?

Many Thanks.

Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 26, 2016

No.  If someone is an administrator, they are an administrator, and that means they need the ability to change all projects in order to fulfil the role.

It's strongly recommended that you don't have a lot of administrators and the admins you do have need to be trusted.

Atlassian are working on delegating admin rights and being more flexible so you can have people with some admin rights over projects instead of having to do everything with full admin accounts, but it's a way off, and even when it does get done, your baseline JIRA and JIRA System admins are still going to have full access to administrate all projects.

Your options are to close down most of your admins (set up a project to track requests to go to the main admin team) and then trust the ones that remain.

Richard Davies July 31, 2016

Thanks for that clarification. It's always good to know when something can't be done, so you don't waste time trying to find out how to do it! It's not going to be easy in the short term to change the admin rights, as the people with the skills to do it are the people who can't have access to the project we want to set up. We will just have to use a different tool than JIRA.

Nic Brough -Adaptavist-
August 8, 2016

Whatever tool you use, you'll have the same problem - a full admin can always get to everything, or they can't do their job.

Jens June 20, 2018

@Nic LOL

As a full admin I have to follow ... maybe something like PCI DSS or equal standards for managing secure access and auditing the access.

So I have to implement access restrictions even for full admins in some way. FIDO U2F tokens could be a help here. A full admin has to be able to access, but only if he is given a physical token by the company's security officer, who afterwards audits the access.

PS: Sorry for reanimation. But the opinion "OK, he is a full admin, I can't stop him accessing anything" does not mean that there is no tool to manage the access in a secure way.

Just my two cents ;-)

Nic Brough -Adaptavist-
June 20, 2018

That's a layer outside the application, which isn't really the point of this conversation.

Of course, you would need an admin to install and have control over such a solution...

Jens June 20, 2018

Dear Nic,

With focus on OP's question, you are right :-)

Nic Brough -Adaptavist-
June 20, 2018

Well, in general really.  At some point, you have to trust the admins.
