Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Image of the Day: Extended Project Administration

March 22, 2024

0cc2575a-89a7-4d4e-8250-f38633ce25fd.png

Concept Relates To

Application Type

Jira Software, Jira Service Management, Jira Core

Deployment Type

Jira Server, Jira Data Center

What is shown?

A permission scheme in Jira Server and Data Center

Visit: Admin > Issues > Permission schemes

What can we learn?

In Server and Data Center, it’s possible to delegate limited workflow and screen editing abilities to project admins. Application admins can turn on these functions with the checkbox labeled “Extended project administration” in a project’s permission scheme.

The conditions for limited workflow editing are:

  • The workflow must not be shared with other projects or be a default system workflow. In other words, project admins with the extended project administration permission can modify custom, dedicated workflows.

  • Project admins can add a status to the workflow, but the status must already exist in Jira. Only application administrators can create or edit statuses.

  • Project admins can remove a status, but only if it isn’t used by any project issues.

  • Finally, the project admin can create, edit, and delete transitions, but they cannot select or change transition screens, edit transition properties, or edit behaviors like conditions, validators, or post functions.

The conditions for limited screen editing are:

  • The screen must be custom and not a default system screen.

  • The screen can’t be shared with other projects or used in workflow transitions.

If both are true, the project admin can add, remove, and reorder system and custom fields. Only application administrators can create or edit custom fields, however.

Note: The "Extended project administration" permission is enabled (checked) by default when new permission schemes are created.

Back to intro and image list

Comment
Watch
Like # people like this
440 views

5 comments

Matt Doar
Matt Doar
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 22, 2024

I think the checkbox is still checked by default in new Notification Schemes? Something to watch out for if you don't want to allow this.

Like
Awraam Fanariotis
Awraam Fanariotis March 22, 2024

Hey im not sure about this one:

  • Project admins can add a status to the workflow, but the status must already exist in Jira. Only application administrators can create or edit statuses.

We have this enabled in our system and every project administrator can create new Status (not only use the ones in the system). I would really appreciate if the behavior was how you described it. :)

 

Also if a the Issue Type Scheme is only shared with one project, than the Admin can also update the scheme and create new issue types.

Like
Rachel Wright
Rachel Wright
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 22, 2024

Hi @Matt Doar and @Awraam Fanariotis - thanks for your contributions! I tested both in Jira 9.12.1 and noticed the following:

1. Correct, the "Extended project administration" permission is enabled (checked) by default when new permission schemes are created. I added this to the article's content. I'm not sure how I feel about it though. As an admin, I fell like it violates the "least privilege" principle. As a project admin who wants more control, I'd like it. :) Regardless, good to know!

2. Next, I gave my test user project admin permissions in a Jira project using a permission scheme with the "Extended project administration" permission enabled. Then I double checked that my test user didn't have application admin permissions and logged in as the test user. I opened an editable workflow and clicked the "Add status" button as pictured below. I was only able to select existing statuses - not add any that are new by typing of otherwise. As a project-level admin, I also was not able to access the global admin page where statuses are added. So either there's another way to add statuses that I don't know about, some of you users have higher permissions than intended (check their group membership), or something else. Let me know if you figure it out. There's always more to learn! Additionally, as a project-level admin, I was not able to make any changes to an unshared Issue Type Scheme.

editing-as-project-admin.png

Thanks again, both!

Like
Awraam Fanariotis
Awraam Fanariotis March 22, 2024

Hey @Rachel Wright ,

about the Issuetypes. You are right and I was wrong ... im not sure were I picked this up. But good to have my memory refreshed. I willl test this out again to be sure.

About the Workflow:

If the workflow is simplified the user (normal user, only project admin, nothing more) is able to create new status via the board administration. Jira version 9.4.

simplifiedStatus.png

 

Like
Rachel Wright
Rachel Wright
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 22, 2024

Hi again @Awraam Fanariotis, thanks for posting additional information! I can reproduce what you've reported, but this ability isn't part of the "Extended project administration" permission in Permission Schemes. The ability is granted by: (1) being an administrator for an individual board, (2) when the simplified workflow is in use as your screenshot depicts, and (3) having project-level admin capabilities.

But regardless of how this is capability granted - YUCK! I think your only prevention remedy is either removing individual board administration capabilities or user education.

non-admin.png

Thanks again and have a great day,

Rachel Wright
Author, Jira Strategy Admin Workbook

Like

Comment

Log in or Sign up to comment
Rachel Wright

Rachel Wright

Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader

About this author

Author, Jira Strategy Admin Workbook

Industry Templates, LLC

Traveling the USA in an RV

43 accepted answers

504 total posts

View profile
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events