What JIRA groups should crowd use?

Steinar Bang
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 14, 2017

Jira 7.4.2, Crowd 2.12.0

I am setting up JIRA to use Single SignOn, using a crowd delegated directory with authentication against an AD LDAP, and user information synchronization on login.

The documentation Integrating Crowd with Atlassian JIRA says to create the groups jira-users, jira-developers and jira-administrators, so this is what I did, setting the users to have the jira-users group as initial membership.

Then I had a user log into JIRA using her AD credentials. Her user was created in crowd and got the jira-users membership, but she was told on login that she had insufficient privileges to log in.

When I look at the global permissions admin page in Jira, it just assigns permissions to two groups: jira-administrators and jira-software-users

So what should I do:

  1. Use the group jira-software-users in crowd?
  2. Add the required permissions to the jira-users and jira-developers?

I think alternative 2 will be hard to get right, so I guess alternative 1 is the right answer?

However, since there is no longer a jira-developer group created by default, is there no longer any need to make that distinction?

It used to be that anyone doing more than reporting and commenting on issues (i.e. project leads, component leads and developers) would have to be in the jira-developers group. Can the necessary roles be assigned to jira-software-users?

Thanks!

1 answer

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 14, 2017

JIRA 7's implementation of applications has changed the way groups get access and changed the defaults, so a lot of docs out there are based on old information.

The easy answer is that you can do whatever you want, but that's not of any use to you.  Both of your suggestions are valid.

I'd tend towards the first though, as it's closer to the defaults that Atlassian give out.

And then, yes, you don't need to worry about jira-developers.  You can use whatever groups you want to provide basic access (a flat "jira-software-users can use jira Software" is a really good simple approach), and then expand other permissions with other groups.  For "new user will always have access to project X", yes, use jira-software-users to the roles in X.

Steinar Bang
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 14, 2017

Thanks! I'm going with alternative 1 for now.

Suggest an answer

Log in or Sign up to answer