For Security reasons, we would like to be sure that no team leader can add "jira-users" to a role that has a role browsing permission. In that case, that means that anyone can see his project.
But some admin JIRA beginners may make a mistake by adding the wrong group instead of putting several names in the right column.
In other words, I would to be sure that any team leader can add a group member of his project.
Is there a way to do that ?
I would supplement monitoring suggested by @Gabrielle Bautista [ACP-JA] with the thorough 'awareness training', explaining team leaders what is a desired practice, what is the impact if they do not follow instructions and why it is important that they should not add jira-users group to their project roles. I am sure that it will take you less time to prepare the communication about it than looking for the technical prevention solution. Inform-Trust-Check.
I'm afraid there's no way to stop a project admin from adding jira-users to a role.
Take a look at Delegated Admin Pro for JIRA. https://marketplace.atlassian.com/plugins/com.wittified.jira.delegated-admin
It allows you to filter out groups for permissions and notification schemes AND at the same time you're able to reduce the number of global admins on your instance.
I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs