Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources
  • Community
  • Products
  • Jira Software
  • Questions
  • I see that the Project Permission "Administer Projects" includes the ability to manage project ROLE membership. How can I remove that specific permission?

I see that the Project Permission "Administer Projects" includes the ability to manage project ROLE membership. How can I remove that specific permission?

Susan Molnar
Susan Molnar November 1, 2011

I see that the Project Permission Administer Projects includes the ability to manage project ROLE membership. How can I remove that specific permission? We want all our users to be able to manage Versions and Components for our projects, but we do NOT want them to administer ROLE membership.

1. How can we give them the Version & Component rights WITHOUT giving them the Role administration rights? Can the Administer Projects rights be edited/changed or can a different Project Permission be created that contains the Version & Component rights but does NOT contain the Role rights?

2. Why are these rights all bundled into a single permission? Roles are very powerful and a typical user could easily mistakenly grant access to the wrong people or groups via the Roles administration screen. It doesn't seem to make sense to bundle this right with the typical project administration rights like Versions and Components.

Thanks,

Susan

Answer
Watch
Like Juanma likes this
1672 views

4 answers

2 votes
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 1, 2011

A suggestion to accomplish this would be for each project to use their own permission scheme, where the permissions are granted to groups (projectA-devs, projectA-users etc) , and the names of the groups are then assigned appropriate permissions in the scheme. Your workflows would also need to not use role, but use the "has permission" condition instead. Project admins could still modify roles, but that would have no effect on anything.

This would be very cumbersome to maintain, but, without source hacking, I think this is the only way to accomplish it.

Roles are probably the biggest feature since jira 3.7 in terms of decentralising control and support... I'd consider educating your users maybe before trying to disable this.

Reply
0 votes
Torsten Meringer
Torsten Meringer March 8, 2018

"How can we give them the Version & Component rights WITHOUT giving them the Role administration rights?"


Is it still true that there is no easy way to separate those permissions by default without using a plugin or any of the workarounds mentioned above?

View More Comments
mimacomFlowable Sysadmin Team
mimacomFlowable Sysadmin Team August 30, 2019

We have the same requirement but these permissions seem to be still "coupled" 

Like
Reply
0 votes
Holger Schimanski
Holger Schimanski
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 6, 2016

Please have a look at Version Manager for JIRA plugin. This plugin allows you to delegate create, edit and release of version to user or project role independend from administer project permission.

Best regards
Holger

Reply
0 votes
Charles Wells
Charles Wells
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 5, 2014

Roles are powerful and beneficial to project admins - you don't have to make cumbersome or frequent requests of your JIRA Admins in order to control project access. As Jamiementioned, this decentralization is key to providing more control at a project level (and typically makes project admins very happy). 

Susan, you're mentioning an interesting use case, and without attempting to argue merits either way, another, possibly expedient, option would be to leverage roles in your permission schemes and workflows and publicly document which roles provide what access or specific conditions. Train your staff to reference the documentation and adhere to the standards, and follow-up and provide assistance if needed. Usually, by demonstrating the value of the configuration and providing self-service and support, folks will do the right thing.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events