Can I create a custom "level 1" admin role?

We want to hand off all the level one JIRA admin work to another team without giving them full admin access.

We want them to able to manage only user and project permissions without being able to change any email setting, workflows, etc.

Is there any way for us to achieve this?

1 answer

1 vote

You can give then "project admin" - this allows someone to add and remove users in project roles, maintain versions and components and some aspects of the workflow and screens (although that can be turned off for them).  It's on a project basis too, so you can have "Alice is an admin for projects A, B and C, and Dave is an admin for C, D and E"

Thanks, but that's not quite what I meant.

We want to hand this over to a service desk team so we want them to be able to run a directory sync as well as administer permissions on all projects, but they shouldn't be able to touch workflows or the tickets within them.

Ok, those are things you didn't mention, so I couldn't answer.

You should not need people to run a directory sync, that's something that happens automatically and regularly.  And you don't want people administrating permissions in projects, as that would pretty much mean they are Jira admins - you really want these level 1 admins to stick to putting people into the right roles in their projects, which only needs project admin rights.  (Although I'd say there's no harm in having a project admin group and including it in "admin rights" in every permission scheme)

If they are testing issues someone is having, then they don't want to wait around up to an hour for a sync. Ideally I do want them to be able to force a sync.

And yes, assigning users to roles is exactly what I meant, however I don't want to give them access to workflows and tickets.

These guys will be dealing exclusively with users, roles, permissions, etc and will totally untrained on anything else.

I want them clearing Captchas as well! I'm sick of having to do this.

You could reduce the sync cycle time instead.  Forcing one isn't ideal, as there might be another one along any second, or there might already be one running.

If a user has access to maintain users, then there's nothing to stop them putting themselves into roles, there's nothing you can do there, however you approach it. 

Since Jira 7.3, project admins have been able to edit workflows and in 7.5, screens too.  However, full admins can block that with permissions since 7.4.

So, barring the (probably unnecessary) sync forcing, your level 1 admins do look like project admins.

Except I don't want them to be able to change workflows or anything like that.

I'll have a think about it, but that might be the only option.

Thanks for your help.

Project admins can't change workflows (or screens) if you don't want them to.  They can't change the schemes for a project either.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,787 views 18 22
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you