What JIRA groups should crowd use?

Jira 7.4.2, Crowd 2.12.0

I am setting up JIRA to use Single SignOn, using a crowd delegated directory with authentication against an AD LDAP, and user information synchronization on login.

The documentation Integrating Crowd with Atlassian JIRA says to create the groups jira-users, jira-developers and jira-administrators, so this is what I did, setting the users to have the jira-users group as initial membership.

Then I had a user log into JIRA using her AD credentials. Her user was created in crowd and got the jira-users membership, but she was told on login that she had insufficient privileges to log in.

When I look at the global permissions admin page in Jira, it just assigns permissions to two groups: jira-administrators and jira-software-users

So what should I do:

  1. Use the group jira-software-users in crowd?
  2. Add the required permissions to the jira-users and jira-developers?

I think alternative 2 will be hard to get right, so I guess alternative 1 is the right answer?

However, since there is no longer a jira-developer group created by default, is there no longer any need to make that distinction?

It used to be that anyone doing more than reporting and commenting on issues (i.e. project leads, component leads and developers) would have to be in the jira-developers group. Can the necessary roles be assigned to jira-software-users?


1 answer

1 accepted

0 votes
Accepted answer

JIRA 7's implementation of applications has changed the way groups get access and changed the defaults, so a lot of docs out there are based on old information.

The easy answer is that you can do whatever you want, but that's not of any use to you.  Both of your suggestions are valid.

I'd tend towards the first though, as it's closer to the defaults that Atlassian give out.

And then, yes, you don't need to worry about jira-developers.  You can use whatever groups you want to provide basic access (a flat "jira-software-users can use jira Software" is a really good simple approach), and then expand other permissions with other groups.  For "new user will always have access to project X", yes, use jira-software-users to the roles in X.

Thanks! I'm going with alternative 1 for now.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,729 views 17 21
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you