Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to disable the user management for project administrators?

Tobias Schlauch
Tobias Schlauch September 22, 2013

In our setup, we use an external system to handle privilege management of all our IT services (basically using LDAP). In context of Jira, a project administrator should get a project in which the project roles are bound to certain LDAP groups. He/she needs to just change the group membership using the external system to change the Jira privileges for his/her project.

What we want to achieve is that the project administrator cannot use Jira`s user management to avoid inconsistencies. But he/she should still be able to define versions, components, etc.

Is this currently possible?

Are there any issues planned to support such a setup?

Edit:

Thanks for both answers! They definitely offer a way to go. However, to ease the administration, the role management is quite helpful.

Is there currently a way to just disable the role management for project administrators?

Answer
Watch
Like Michael Tiede likes this
361 views

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 22, 2013

Ok, then no. Project Admins can maintain roles, versions and components. There's currently no way to separate them out (Atlassian have said they're looking at making admin functions more granular. No timetable on that yet though). Dumping the use of roles by making them useless is abut your only option here.

Unless you wanted to start with code changes. Then you could start doing stuff like removing or redirecting the role membership admin screens.

Reply
1 vote
Theinvisibleman
Theinvisibleman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 22, 2013

Hi Tobias,

Hmm, would it be possible to only configure your JIRA and LDAP integration to be purely 'Read Only'? This way, your admin users would not be able to change the group memberships (and most of the user details, etc) of the LDAP users, as they cannot change anything in LDAP from within JIRA.

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 22, 2013

You'd also need to make sure that none of your permission schemes use roles in any way, as the trick Joe describes means that the admins would still be able to maintain user roles in their projects (it would stop them having any effect in the projects)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events