We want to hand off all the level one JIRA admin work to another team without giving them full admin access.
We want them to able to manage only user and project permissions without being able to change any email setting, workflows, etc.
Is there any way for us to achieve this?
You can give then "project admin" - this allows someone to add and remove users in project roles, maintain versions and components and some aspects of the workflow and screens (although that can be turned off for them). It's on a project basis too, so you can have "Alice is an admin for projects A, B and C, and Dave is an admin for C, D and E"
Ok, those are things you didn't mention, so I couldn't answer.
You should not need people to run a directory sync, that's something that happens automatically and regularly. And you don't want people administrating permissions in projects, as that would pretty much mean they are Jira admins - you really want these level 1 admins to stick to putting people into the right roles in their projects, which only needs project admin rights. (Although I'd say there's no harm in having a project admin group and including it in "admin rights" in every permission scheme)
If they are testing issues someone is having, then they don't want to wait around up to an hour for a sync. Ideally I do want them to be able to force a sync.
And yes, assigning users to roles is exactly what I meant, however I don't want to give them access to workflows and tickets.
These guys will be dealing exclusively with users, roles, permissions, etc and will totally untrained on anything else.
You could reduce the sync cycle time instead. Forcing one isn't ideal, as there might be another one along any second, or there might already be one running.
If a user has access to maintain users, then there's nothing to stop them putting themselves into roles, there's nothing you can do there, however you approach it.
Since Jira 7.3, project admins have been able to edit workflows and in 7.5, screens too. However, full admins can block that with permissions since 7.4.
So, barring the (probably unnecessary) sync forcing, your level 1 admins do look like project admins.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot