Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Restricting People Permissions

Jeremy Yates
Jeremy Yates February 10, 2025

Hello,

 

Looking for any guidance or insight on the ability to restrict Project Admins ability to change people permissions.  We'd like to allow our project admins to do just about everything within their given project, while not allowing them to change the people permissions and directly add/remove people and groups to the project (we are managing them more globally with combinations of Groups, Project Roles, and Permission Schemes).

 

Thanks for any insight you may have, appreciated.

Answer
Watch
Like Be the first to like this
147 views

2 answers

1 vote
Petru Simion _Simitech Ltd__
Petru Simion _Simitech Ltd__
Atlassian Partner
February 10, 2025

Hi @Jeremy Yates ,

 

Your question is ambigous.

You use the terms Jira Admins intercheangeable with Project Admins.

 

If your projects are company managed, which seems to be the case as you say you want to administer permissions globally, then you can not restrict Jira Admins from managing Permissions. JIra is designed to allo Jira Admins to do the global settings.

Your Project Admins is a role and it is project specific, in the sense that in each project you can assign different users to the Project Admins role. They have some limited configuration privileges only.

They do not have the ability to modify the Permission scheme or to change it, only JIra Admins can.

It is the Permission scheme that dictates the permissions and the User, Group Roles that are part of the permission scheme are a global setting, only available to the Jira Admins.

Because only Jira Admins can create a Permission scheme and assign it to Projects.

 

Hope this helps.

 

Regards, 

 

Petru

View More Comments
Jeremy Yates
Jeremy Yates February 11, 2025

Hi @Petru Simion _Simitech Ltd__ 

 

I believe I've corrected the language above.  In short, we want only our Jira Admins to be be the only ones to be able to add/remove people and groups from a project, while allowing the Project Admins to do just about everything else within their given project.

Like
Petru Simion _Simitech Ltd__
Petru Simion _Simitech Ltd__
Atlassian Partner
February 11, 2025

Hi @Jeremy Yates ,

 

The Project Admins are allowed by default by Jira to add users to Roles.

The fact that a Project Admin adds users to Role has no effect on the final solution if it is not corelated with Permission Schemes.

You can have Role - Alpha, and have users X, Y Z assigned to the role.

If the Permission scheme does not associate the Role Alpha to any of the operations  in the Permission Scheme the Role just sitts orphan. So the fact that a Project Admin added those users to the role has no meaning.

So the Jira Admin will define the Permission Scheme and associate it to your project or projects.

When the Permission Scheme is defined the Jira Admin has in mind that later users assigned the Project Admin will have the ability to add users to Role, therefore to decide who can do what regarding to the defined Permission Scheme.

Each project, will have it's Project Admins, that need to understand clearly the Permission Scheme and only assign users to roles accordingly and they should understand who can do what in that specific project.

 

So in fact, what you are asking, that the Project Admin has limited ability to affect your project is already in place by how Jira designed the solution.

Shortly the Jira Admins decide the how, meaning how the Permission Scheme will be designed, and later, for each project, the Project Admins will decide the who, meaning who can do what, according to the already defined Permission Scheme.

At the beginning you will have only one Project Admin user.

That user in turn, because it is a Project Admin, will be able to not only add users to Roles but add other users to the Project Admin role. 

So you and your team need to clearly understand the concept and apply it. 

 

Regards, 

 

Petru

Like
Reply
0 votes
Joe Pitt
Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 10, 2025

You can't. You should have policies as to what roles can do what. If they don't follow them you need a new admin. 

View More Comments
Jeremy Yates
Jeremy Yates February 11, 2025

This is the unfortunate conclusion I am bringing myself to accept.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events