Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Permission scheme Jira Premium

Edited
BenWade
BenWade Nov 09, 2023

Hi everyone, 

I am trying to set up permission scheme in Jira. I am watching this video(Alex ortiz) right now.

I found his approach confusing and wrong. 

He suggests:
create groups->assign people to groups->create roles->assign groups to roles->grant permissions to roles. It does not make sense for me. this approach just overcomplicates the whole process. creating roles should be skipped as it is pointless for me.

What I think is the correct approach: Create groups->assign people to group->grant permissions to groups. Am I correct or I am missing smth?


 

 

Answer
Watch
Like Magdi Younan likes this
96 views

3 answers

2 accepted

1 vote
Answer accepted
Marc Koppelaar
Marc Koppelaar
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Nov 09, 2023

Hi @BenWade 

The most useful hierarchy is Roles -> Groups -> Users.

Roles in a permission scheme allow project admins to grant groups or user a role in a project, no administrator needs to be involved. This can be done via the People section n the project settings

Groups or Users set in a permission scheme, will make the the people section in the project obsolete and any access granting to a project needs to be done by a site-admin

Reply
1 vote
Answer accepted
Dave Mathijs
Dave Mathijs
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Nov 09, 2023

Hi @BenWade I understand the confusion.

Best practice is to use project roles over groups for more flexibility.

  • When you grant a permission to a group, it is valid for all projects associated with that permission scheme.
    • The advantage is that group membership can be done via Active Directory (only when Atlassian Cloud is connected to an identity provider via Atlassian Access)
    • The disadvantage is that you need to be a Site Admin to manage group membership via Atlassian Administration directly.
  • On the other hand, when you grant a permission to a project role, you can grant permissions to users/groups by adding them to the project role. This is done per project.
    • The advantage is that the Project Administrator can manage access to their project themselves.
    • The disadvantage is that Project Administrators need to be well aware of this and that you have no control over this as a Site Admin.
  • The confusion comes from the fact that you can also add groups to project roles.
  • To make things even more complex, you can add default members to project roles as well. These can be users or groups.
View More Comments
BenWade
BenWade Nov 09, 2023 • edited

I am a site admin, I have a full control over everything. We have a small team and I help my team with any Jira-related questions.

So can we conclude that I should just ignore groups? I should create roles, assign users to roles and then in the permission scheme grant permissions to different roles?.
is this the best practice? So basically groups are pointless for setting up permission levels?

Like Marc Koppelaar likes this
Dave Mathijs
Dave Mathijs
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Nov 09, 2023

Groups are not pointless (if the permission should apply to all associated projects by default), but in other cases, project roles are preferred. They relieve your work as site admin because you can delegate project access and permissions to your project admin(s).

Like BenWade likes this
Marc Koppelaar
Marc Koppelaar
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Nov 09, 2023

Hi Ben,

No that is not what I and @Dave Mathijs are saying.

It all depends on how you want to structure your Jira.

If you need to have a group of users, let's say as an example systems users that are used for connection to dev systems to have access all the time, I would at these users in a group and set this group to the required permissions in the scheme

As if you would assign these users or the group just a role on the project, anyone with the project admin role could remove the users or group. or change their role.

Like # people like this
BenWade
BenWade Nov 09, 2023

@Marc Koppelaar @Dave Mathijs Now I got it. Thank you for your help guys.

Like Dave Mathijs likes this
Reply
0 votes
Flow Ace
Flow Ace Dec 04, 2023

I understand that setting up permission schemes in Jira can sometimes be a bit confusing, and different approaches may work based on specific use cases. In the video by Alex Ortiz, he suggests a method involving groups, roles, and permissions, while you find it overcomplicated and prefer a simpler approach.

Your proposed approach of creating groups, assigning people to groups, and then directly granting permissions to groups is indeed a valid and straightforward way to manage permissions in Jira. It simplifies the process by directly associating permissions with groups, avoiding the intermediate step of creating roles.

Jira's flexibility allows users to choose the method that best suits their team's structure and workflow. If your approach aligns with your team's needs and makes the process more understandable for you, there's nothing inherently wrong with bypassing roles.

It's important to note that the effectiveness of your approach also depends on the size and complexity of your Jira instance and the specific requirements of your team. If you find that your method meets your needs and is more intuitive, you're on the right track.

Ultimately, Jira provides different options for managing permissions, and the best approach is the one that aligns with your team's workflow and is easy to maintain.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

See all events