Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Jira Software
Questions
Can I create a custom "level 1" admin role?

Can I create a custom "level 1" admin role?

We want to hand off all the level one JIRA admin work to another team without giving them full admin access.

We want them to able to manage only user and project permissions without being able to change any email setting, workflows, etc.

Is there any way for us to achieve this?

1 answer

1 vote

You can give then "project admin" - this allows someone to add and remove users in project roles, maintain versions and components and some aspects of the workflow and screens (although that can be turned off for them). It's on a project basis too, so you can have "Alice is an admin for projects A, B and C, and Dave is an admin for C, D and E"

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks, but that's not quite what I meant.

We want to hand this over to a service desk team so we want them to be able to run a directory sync as well as administer permissions on all projects, but they shouldn't be able to touch workflows or the tickets within them.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Ok, those are things you didn't mention, so I couldn't answer.

You should not need people to run a directory sync, that's something that happens automatically and regularly. And you don't want people administrating permissions in projects, as that would pretty much mean they are Jira admins - you really want these level 1 admins to stick to putting people into the right roles in their projects, which only needs project admin rights. (Although I'd say there's no harm in having a project admin group and including it in "admin rights" in every permission scheme)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

If they are testing issues someone is having, then they don't want to wait around up to an hour for a sync. Ideally I do want them to be able to force a sync.

And yes, assigning users to roles is exactly what I meant, however I don't want to give them access to workflows and tickets.

These guys will be dealing exclusively with users, roles, permissions, etc and will totally untrained on anything else.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I want them clearing Captchas as well! I'm sick of having to do this.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

You could reduce the sync cycle time instead. Forcing one isn't ideal, as there might be another one along any second, or there might already be one running.

If a user has access to maintain users, then there's nothing to stop them putting themselves into roles, there's nothing you can do there, however you approach it.

Since Jira 7.3, project admins have been able to edit workflows and in 7.5, screens too. However, full admins can block that with permissions since 7.4.

So, barring the (probably unnecessary) sync forcing, your level 1 admins do look like project admins.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Except I don't want them to be able to change workflows or anything like that.

I'll have a think about it, but that might be the only option.

Thanks for your help.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Project admins can't change workflows (or screens) if you don't want them to. They can't change the schemes for a project either.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS

Community showcase