What permissions are assigned by JIRA by default?

Carlos Garcia Navarro
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 4, 2017

I'm a little confused about the default permissions that are assigned by JIRA by default. By reading the documentation (https://confluence.atlassian.com/cloud/manage-groups-744721627.html) I see that the following groups are created by default for JIRA application: users, jira-developers, administrators, site-admins, jira-users.  The 'Jira users' and 'Bulk change' permissions are added to the jira-users by default. What is the 'Jira users' permission? When looking at the global permissions in the Jira admin area (I'm using the Cloud instance) I can see 'JIRA Administrators', 'Browse Users', 'Create Shared Objects', 'Manage Group Filter Subscriptions', 'Bulk Change', but not 'Jira users'.  Am I missing something? In the documentation I also read about the 'anyone group' that can be used to grant anonymous permission.  Somewhere else I read that 'Create Shared Objects' is a permission assigned by default to the jira-users group.

In short, my question is , what are the default groups created in JIRA and what permissions are created by default? Thanks!

 

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 4, 2017

You've got most of it there, you've listed the defaults, apart from the last "Create shared objects" which is not granted to jira-users by default. 

The Jira Users permission is "these guys can log in", but it's slightly different on Cloud and Server, and Cloud won't show it to you in the same way.

Carlos Garcia Navarro
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 6, 2017

Thanks Nic.  A few follow up questions:

- How many groups are created by default?

- Are all the global permissions I listed in my original question except for 'Create shared objects' assigned to each default group by default ('JIRA Administrators', 'Browse Users', 'Manage Group Filter Subscriptions', 'Bulk Change', 'Jira users')?  Even the 'JIRA Administrators' permission is assigned to jira-users?

- What are the differences for Cloud and Server in regards to the Jira users permission?

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 6, 2017

Depends on the application(s) being installed.  But not many.

Before 7, you used to just get jira-users.  Jira 7 has three applications now and gives you a group for each as well as jira-users - jira-software-users, jira-core-users and jira-servicedesk-users depending on which ones you install and how.

The rest are the same - jira-administrators and jira-developers.

Finally, it's changed slightly recently - the jira-users group is now added to all global permissions except the two admin ones.

Carlos Garcia Navarro
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 12, 2017

Thanks for the information.  It makes sense!

1 vote
Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 4, 2017

The jira-users GLOBAL permission is to be able to logon to JIRA.  From a project perspective you need to be concerned with the PERMISSION SCHEMES. That is where you determine who can create, edit, browse, etc. in the project. Beware, be default the jira-users group is given permission for pretty much all project actions. The first thing you should do is REMOVE the jira-users group from everything in the permission scheme, otherwise you'll eventually be trying to figure out how to restrict a user from a group and you can't.  Every new user is put in the jira-users group.  I suggest using project roles. that way the project admin can manage who has access.   I've never messed with the default groups. 

Carlos Garcia Navarro
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 6, 2017

It makes sense, Joe. Thanks for the recommendation. Currently I've groups and roles in the permission scheme.  I din't set up the JIRA instance and I noticed that the jira-users groups had a lot of permissions, so I was wondering which permissions were created by default by JIRA (and which ones may have been added by an administrator later).

Suggest an answer

Log in or Sign up to answer