Hi!
We are new to Jira and right now setting up and testing user roles.
How it is: At the moment we have 2 projects; one is a software project and the other a business project.
We created 2 new user groups: Programmers and Consultants
The programmers should be able to view and edit everything a "jira software user" can do in both projects.
The Consultants should be able to view and edit everything a "jira software user" can do, but only for the business project. The Consultants should not be allowed to edit anything in the software project. Basically thee Consultants should be in read-only-mode for the software project.
We tried to find out with google / the forum on this, but the cases were different.
What options do we have to solve this? What do you suggest?
Regards
Stefan
As the other have said you need to work with permissions. Since you're new, here are some tips you should find useful
JIRA permissions
First, by default JIRA has a horrible permission scheme that violates security best practices by allowing everyone that can logon to do just about everything.
JIRA works by GRANTING access. You can't restrict access. By default, it grants access to the group used to logon (see Global permissions to see the "can use" groups and admin groups). This is where users are getting their access.
This may be a big effort, but it will pay off down the road by making it easy to control access.
Most of the 'old timers' use project roles. It meets the best practice for security and gives complete control to the project lead for access to their project. JIRA comes with many project roles, but you can add more if you have a special need.
Do not delete issues. When you delete it is GONE. Hardly a week goes by without someone wanting to restore an issue. Deleting issues will come back and bite you when it is the most inconvenient. I suggest closing with a resolution value of Deleted anything you want to delete. I implement a special transition only the project lead can execute and it requires filling in a reason field from a select list (such as entered in error, OBE, Duplicate, Other) and explanation text.
Deleting issues destroys historical data. Missing issue numbers will eventually cause a question about what it was and why was it deleted even if it was done properly. Missing data always brings in the question of people hiding something that may have looked bad.
The only viable way to restore an issue is to create a new instance of JIRA and restore a backup that has the issues. Then export them to a csv file and import them to your production instance. You will lose the history.
Do not delete users
Users should be made inactive not deleted. JIRA uses a pointer to the user’s DB entry to display user information. If you delete a user when you open a JIRA issue the user worked on anywhere the user that would be displayed will cause a SQL error. Even if the user never logged on or were assigned a ticket the history of the ticket will get an error when you display it.
Resolution Field
Resolution Field can't be made optional. DO NOT put the field on any screen except the one presented in the transition where it is to be set. Resolution is a special field in JIRA. It has an initial value of ‘Unresolved’, which means the field is NULL in the database. It is ALWAYS required when it appears on the screen. ONLY display it on the screen during a transition to the status where you want it set. Once it is set the issue ID will appear with as strikethrough. If you re-open an issue the transition from closed to reopen needs to have a post function to CLEAR the resolution field to set it back to Unresolved.
Limiting resolution options
Use the jira.field.resolution.include workflow property
for exampl jira.field.resolution.include =1,2,3 where 1,2,3 are the resolution ids
https://confluence.atlassian.com/adminjiraserver071/workflow-properties-802592825.html
Put JIRA under CR
I STRONGLY suggest you treat JIRA like a production system, put it under change control (CR), and track all requests for any updates, especially new projects, new custom fields, changes in any of the schemes, etc. That way at least the reporter will know when the actions happen and you'll have a audit trail. I've worked many similar tools to JIRA and too many times no one knows anything about why they are configured why they are because there is no requirements or CR. Things are just done based on emails that have disappeared and hallway or lunch conversations.
If you don't already have a separate change control tool create a JIRA project. I use a basic workflow with a few custom issue types:
Custom field: with a select list of create, update. The description would be to create a new field or modify a current select list, buttons, etc. of a current one
Create Project: I would have text fields for issue types, custom fields, select list/values, per issue types
New Issue Type: description would include all fields and workflow desired.
Workflow: Select list of Create, update, delete. Description of what needed.
Other: Select list of Notification Scheme, permission scheme, field configuration, other
This should get you started. If you aren't familiar with your CR process there should be a configuration management person to talk to.
The goal is to manage what you do and be able to track who asked for what. For instance, if someone wants a new custom field you want to check to see if there already is one you can use that they don't know about. JIRA will let you have multiple custom fields with the same name, which will just confuse you.
Notifications
I have found the default notification scheme is overkill everywhere I've setup JIRA. If you haven't setup the default user profile to exclude sending updates they make I suggest you change the default and have all the users modify their profile. Talk to your users to see what they want. Most reporters want create, close, and maybe one or two other milestones statuses depending on the issue type. You can easily create custom events to put in the transition post functions for those events. If you allow people other than the assignee to work on the issue the assignee may want notification of things they do, especially update and comment.
Hi @Stefan
You need to look into permission scheme and project role. For each project, create two distinct permission scheme, for the software project, give access to your programmers and edit permission, for the consultant just give them browse project permission they will be able to see all issue but can't edit them.
I will also put those groups in to projects role ang dive permission to the project role, is more easy to follow and make change if it's necessary.
More information here ;
https://confluence.atlassian.com/adminjiracloud/managing-project-permissions-776636362.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Stefan ,
From what you have described I think making use of Project Roles would be really good here.
You should check out some of the documentation on managing roles and role membership:
https://confluence.atlassian.com/adminjiraserver/managing-project-roles-938847166.html
If you have any additional questions please feel free to ask!
-Jimmy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.