I'm a little confused about the default permissions that are assigned by JIRA by default. By reading the documentation (https://confluence.atlassian.com/cloud/manage-groups-744721627.html) I see that the following groups are created by default for JIRA application: users, jira-developers, administrators, site-admins, jira-users. The 'Jira users' and 'Bulk change' permissions are added to the jira-users by default. What is the 'Jira users' permission? When looking at the global permissions in the Jira admin area (I'm using the Cloud instance) I can see 'JIRA Administrators', 'Browse Users', 'Create Shared Objects', 'Manage Group Filter Subscriptions', 'Bulk Change', but not 'Jira users'. Am I missing something? In the documentation I also read about the 'anyone group' that can be used to grant anonymous permission. Somewhere else I read that 'Create Shared Objects' is a permission assigned by default to the jira-users group.
In short, my question is , what are the default groups created in JIRA and what permissions are created by default? Thanks!
You've got most of it there, you've listed the defaults, apart from the last "Create shared objects" which is not granted to jira-users by default.
The Jira Users permission is "these guys can log in", but it's slightly different on Cloud and Server, and Cloud won't show it to you in the same way.
Thanks Nic. A few follow up questions:
- How many groups are created by default?
- Are all the global permissions I listed in my original question except for 'Create shared objects' assigned to each default group by default ('JIRA Administrators', 'Browse Users', 'Manage Group Filter Subscriptions', 'Bulk Change', 'Jira users')? Even the 'JIRA Administrators' permission is assigned to jira-users?
- What are the differences for Cloud and Server in regards to the Jira users permission?
Depends on the application(s) being installed. But not many.
Before 7, you used to just get jira-users. Jira 7 has three applications now and gives you a group for each as well as jira-users - jira-software-users, jira-core-users and jira-servicedesk-users depending on which ones you install and how.
The rest are the same - jira-administrators and jira-developers.
Finally, it's changed slightly recently - the jira-users group is now added to all global permissions except the two admin ones.
The jira-users GLOBAL permission is to be able to logon to JIRA. From a project perspective you need to be concerned with the PERMISSION SCHEMES. That is where you determine who can create, edit, browse, etc. in the project. Beware, be default the jira-users group is given permission for pretty much all project actions. The first thing you should do is REMOVE the jira-users group from everything in the permission scheme, otherwise you'll eventually be trying to figure out how to restrict a user from a group and you can't. Every new user is put in the jira-users group. I suggest using project roles. that way the project admin can manage who has access. I've never messed with the default groups.
It makes sense, Joe. Thanks for the recommendation. Currently I've groups and roles in the permission scheme. I din't set up the JIRA instance and I noticed that the jira-users groups had a lot of permissions, so I was wondering which permissions were created by default by JIRA (and which ones may have been added by an administrator later).
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot