I'd like to be able to either restrict Project Admins from adding the jira-users group to a project Role, or perhaps even better, only allow them to add individual users to Roles.
We currently don't allow any project roles in our permission schemes because of people adding jira-users or unauthorized groups to a project. We have hundreds of projects, many of which have security restrictions.
I've tried to figure this out from many approaches, but can't see how to accomplish this. If we could do this, our project admins would be really happy because they wouldn't have to ask Jira admins to add every user they need.
I'm beginning to think there is no honest way to do this-- maybe editing something at the application that would just hide the Group Role from Project Admins?
Thanks for any help.
Nope, the only delegation here is to use roles, and they'll let you add jira-users.
I'm afraid you're stuck here, unless you want to dive into a bit of coding in the core of Jira. I did that a while ago and simply disabled the ability to add any groups in roles, but it was a bit of a pain (and pre-Jira 4.2, so I suspect is totally unsuitable nowadays).
Another option might be to script something that regularly removes jira-users if it's found in any roles, but I never got that far.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG