Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

what are best practices for separating Confluence admins from Jira Service Management projects

In our company, Confluence is used as a collaboration platform among different departments and Jira Service Management by the IT department as a help desk ticketing system.  Many people were given the Confluence “Org & Site Admin” role and initially had access to Jira Service Management. To remove that access, I removed “site-admins” from the “jira-administrators” group in Atlassian Admin User Management.  Is that enough to prevent a Confluence site admin from accidentally accessing a project, making changes, or viewing tickets? Should additional steps be taken at the project Permission Scheme level? And how can I be certain that I haven’t overlooked some other way into Jira Service Management?

1 answer

1 accepted

1 vote
Answer accepted

Hi @Jason Gorman,

It's important to understand the way product and project/space access work across the different Atlassian products you have on board, look at your current setup and maybe redesign certain things from the ground up. Too many people being granted admin rights is a common mistake unfortunately, but can be fixed.

Confluence and JSM are different products, so licensed access (and the associated costs) are managed separately for each product. Navigate to your site's user management and check out the product access page. You will see which groups are granted access to which product (Confluence and JSM being listed separately).

Use the default groups there to grant people there license - this is normally done by default when you grant product access. For Confluence this normally is confluence-users, for JSM jira-servicedesk-users.

It is quite normal to have your site admins have product access as well, as it is their main role to administer the products. If you have too many admins, reducing that number is usually the right thing to do. 

On a final note, JSM is somewhat special in terms of access. Users with a Jira Software license will also be able to access projects (with limited permissions) if they are granted permissions in a project. But that does not go for Confluence users.

So in summary:

  • remove the site admin permissions for people who shouldn't have them
  • check the product access for JSM and Confluence in your site's user management
  • product access is separate for Confluence and JSM
  • product access grants people a license to use a product
  • Jira Software users can view issues in a JSM project if they are granted access to that project; that goes not for Confluence users.

Thank you for the detailed posting.  It was very helpful.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

227 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you