In our setup, we use an external system to handle privilege management of all our IT services (basically using LDAP). In context of Jira, a project administrator should get a project in which the project roles are bound to certain LDAP groups. He/she needs to just change the group membership using the external system to change the Jira privileges for his/her project.
What we want to achieve is that the project administrator cannot use Jira`s user management to avoid inconsistencies. But he/she should still be able to define versions, components, etc.
Is this currently possible?
Are there any issues planned to support such a setup?
Edit:
Thanks for both answers! They definitely offer a way to go. However, to ease the administration, the role management is quite helpful.
Is there currently a way to just disable the role management for project administrators?
Ok, then no. Project Admins can maintain roles, versions and components. There's currently no way to separate them out (Atlassian have said they're looking at making admin functions more granular. No timetable on that yet though). Dumping the use of roles by making them useless is abut your only option here.
Unless you wanted to start with code changes. Then you could start doing stuff like removing or redirecting the role membership admin screens.
Hi Tobias,
Hmm, would it be possible to only configure your JIRA and LDAP integration to be purely 'Read Only'? This way, your admin users would not be able to change the group memberships (and most of the user details, etc) of the LDAP users, as they cannot change anything in LDAP from within JIRA.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You'd also need to make sure that none of your permission schemes use roles in any way, as the trick Joe describes means that the admins would still be able to maintain user roles in their projects (it would stop them having any effect in the projects)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.