You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I’ve had to restructure permissions a few times now and I thought it might be beneficial to share some of the things I have learned over the years and some of the things that I setup to reduce the amount of permissions maintenance I need to complete after completing these steps.
The first thing you will want to do is take a look at what project roles you have on your Jira instance (you can find these in the Admin section under the system menu). What roles you have listed will depend on your own Jira instance. You may want to add more roles to provide you with enough flexibility to create different sets of permissions to assign to users & groups.
Create new roles as necessary to categorize permissions
Permission schemes can only be edited by Jira Admins so the more changes that can be delegated to project admins the betters.
I have two ways I have set this up in the past. I wouldn’t say one is better than the other, I have used both it depends on the members using the project and what makes the most sense for them to think about permissions:
Additive permission roles:
With this setup the project roles are a hierarchy and the higher level roles will contain all of the permissions that the lower tiers.
When assigning project roles in this setup, you will only assign users/groups a single role, and you will change the role to upgrade/downgrade the permissions.
Separate roles for different sets of permissions:
With this setup you will assign users/groups as many roles as they require to get all the necessary permissions they require. Note: this setup should also make sure that the roles accurately describe the permissions they will provide
By using groups, If group membership is coming from a third party identity provider, changes to group members won’t require you to make any changes to project permissions to clean up users that shouldn’t have access anymore.
This is what I have used to setup project permissions, I would love to heard thoughts, opinions and best practices from others as well.
Also, If you are interested in watching my video version of this, you can find it on my YouTube channel: