I see that the Project Permission Administer Projects includes the ability to manage project ROLE membership. How can I remove that specific permission? We want all our users to be able to manage Versions and Components for our projects, but we do NOT want them to administer ROLE membership.
1. How can we give them the Version & Component rights WITHOUT giving them the Role administration rights? Can the Administer Projects rights be edited/changed or can a different Project Permission be created that contains the Version & Component rights but does NOT contain the Role rights?
2. Why are these rights all bundled into a single permission? Roles are very powerful and a typical user could easily mistakenly grant access to the wrong people or groups via the Roles administration screen. It doesn't seem to make sense to bundle this right with the typical project administration rights like Versions and Components.
A suggestion to accomplish this would be for each project to use their own permission scheme, where the permissions are granted to groups (projectA-devs, projectA-users etc) , and the names of the groups are then assigned appropriate permissions in the scheme. Your workflows would also need to not use role, but use the "has permission" condition instead. Project admins could still modify roles, but that would have no effect on anything.
This would be very cumbersome to maintain, but, without source hacking, I think this is the only way to accomplish it.
Roles are probably the biggest feature since jira 3.7 in terms of decentralising control and support... I'd consider educating your users maybe before trying to disable this.
Roles are powerful and beneficial to project admins - you don't have to make cumbersome or frequent requests of your JIRA Admins in order to control project access. As Jamiementioned, this decentralization is key to providing more control at a project level (and typically makes project admins very happy).
Susan, you're mentioning an interesting use case, and without attempting to argue merits either way, another, possibly expedient, option would be to leverage roles in your permission schemes and workflows and publicly document which roles provide what access or specific conditions. Train your staff to reference the documentation and adhere to the standards, and follow-up and provide assistance if needed. Usually, by demonstrating the value of the configuration and providing self-service and support, folks will do the right thing.
"How can we give them the Version & Component rights WITHOUT giving them the Role administration rights?"
Is it still true that there is no easy way to separate those permissions by default without using a plugin or any of the workarounds mentioned above?
Everything below is tested on Ubuntu 17.10. I prefer to use Jira in a docker container because: 1. I can install Jira with a couple of commands. 2. I can start and stop Jira just by starting and s...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot