What's the best way to separate my admin acct from my user acct?

I'm admin for JIRA & Confluence, and I'm learning as I go.

It recently occurred to me that I'm doing something wrong. I have just one JIRA/Confluence account, and it has system admin permissions.

When I want to create content, I use this account.

I have a feeling that this is bad practice, and that I should really have a normal user account plus a separate admin account.

Am I right to think this? If so, do you have any advice about how to make it work sensibly?

1 answer

1 vote

Your fears are perfectly reasonable, but probably unfounded.

Atlassian tends to separate out "use" from "admin" quite strongly in the permissions.  You can have an admin account that can't see any of the content, let alone amend it, because their job is admin, not user (and obviously a user has no admin access). 

Working with an account that has admin access can be very unnerving for new people, but there are some things to remember, which I hope reassures you a bit:

  • On Cloud, your admin access does not give you the rights to completely trash everything, although you can do some damage accidentally.
  • On Server, you have to re-enter credentials to become a full admin who can trash things (unless you deliberatly turn the checks off.  Even afer 12 years, I don't turn it off on anything other than development systems).
  • In both cases, you will be asked before you do something irreversible.
  • Almost all changes in most of the systems can be un-done.  The best trick I've picked up is "do not click anything that mentions delete until you are 100% sure you fully understand what you're going to kill".  If it doesn't say "delete", then it might write extra history or cause users to say things they didn't want have changed, but it's repairable without looking for a backup.

In short, what you're doing is not "bad practice".  The fact you are thinking about it and asking about it is very much "best practice". 

I wish more of the community and my users thought like you have here!

Awww, thanks! 

Side issue: Your comment about having an admin account that can't see content is very interesting. Is that already written up somewhere? I'd like to be able to sort out something like that, so that the executive team feel comfortable putting their meeting notes in Confluence.

Not sure I've seen a write up of it directly, but it's not too hard to do.

You basically create an account that is in the admin group(s) set up in the global permissions, and then make sure none of your spaces include any of the admins or admin groups in their permissions.

An admin will always be able to grant themselves access to a space though, so you always need to be able to trust them.  (Frankly, if you don't trust your admins, they shouldn't be admins)

Thanks, this is good to know. I was wondering if there was some magic that prevented the admin from granting themselves access to some content.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

885 views 3 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you