Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Assigned to Administrators Group - but cannot delete Issues

JT
JT April 21, 2017

NOTE:  Some field data has been removed from the images below.

Cap1.PNG

Since assigned to the "administrators" group, how is this possible below ?

Cap3.PNG

 

Cap4.PNG

 

Cap1.PNGI am assigned to the administrators group.  The documentation uses the terminology JIRA System Administrators, JIRA Administrators, Administrator, Project Administrator, and Board Administrator - but all in different parts of the documentation.  The Settings uses Administrator - which I assume applies to any "Administrator."

So to which group does an "administrators" assigned Group member belong ?

 

* * * * *

Also, when I follow this:

https://confluence.atlassian.com/adminjiraserver071/managing-project-role-membership-802592468.html#Managingprojectrolemembership-viewing

Choose > Projects.
Choose Users and roles in the left menu to view and manage project role membership.

There is NO "Users and roles" in the web portal.

The only thing in our web portal is "Projects and Project Categories."

* * * * *

Where is a table that lists the different types of "Administrators" and clearly shows the default permissions for each ?

We are looking for WYSIWYG "Administrator" in the classical meaning of an "Administrator."

Does the JIRA System Administrator have to create permission schemes for every single user ?

Answer
Watch
Like Be the first to like this
1008 views

1 answer

0 votes
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 23, 2017

Hi HJLBX - Roles and groups are different things.

Your user is in the 'administrators' group, but the 'Delete issues' permission is given to the 'Administrators' role. If the 'administrators' group does not hold the 'Adminsitrators' role in the project you are interested in, then people in that group won't be able to delete issues.

Based on your previous queston, I think you are using JIRA Cloud, so I'll refer to the Cloud docs in links below.

To see what JIRA-wide permissions people in the 'administrators' group have, check the global permissions.

(but note that in JIRA Cloud, the 'JIRA System Administrators' global permission is not generally available, becasue it is restricted to Atlassian Tech Support).

To see what project-specific permissions people in the 'administrators' group have, look at the permissions scheme that applies to the project you are interested in. If the scheme grants permissions by project role (as you screen shots show), then you need to check 'Users and Roles' inside the project settings.

One way check 'Users and Roles' in JIRA Cloud:

  • Select your project from the Projects menu at the top of the screen
  • Once in your project, click Project Settings (the cog icon) in the left hand nav bar
  • Then, on the 'Project Settings' page, click Users and Roles.

With the default set-up, you'll probably see something like this:

users-and-roles.png

What this shows is that people in the 'jira-admistrators' group have the 'Administrators' role for this particular project, but people in the 'adminstrators' group do not. Something like this probably explains why your user can't delete issues.

Putting them in the 'jira-adminstrators' group will probably solve the problem for you.

View More Comments
JT
JT April 23, 2017

Is there some kind of Reply time-out on this board ?  Because if we are working on a reply for a long time, then when we select the "Reply" button, the reply will not post.  We have to copy-paste our reply and all formatting is lost. This is getting extremely annoying since it is requiring double-work and extra time that we do not have.


Thanks Sam. We really do appreciate your explanations, but have additional questions.  There are also some statements below that hopefully Atlassian Staff will see.


3 of us are sitting here and scratching our heads because in the documentation, it states that Administrators are a Group.  See first sentence on this page:

https://confluence.atlassian.com/adminjiracloud/managing-global-permissions-776636359.html


However, on this page it states that JIRA administrators are project roles (the language can be interpreted various ways):

https://confluence.atlassian.com/adminjiracloud/managing-project-roles-776636382.html


The documentation explanations are not clear and getting lucid answers is taking up an atrocious amount of our time - time that we don't have since we are a very busy small team.  It is for this very reason that we very quickly dumped Team Services.


The documentation is using vague, inconsistent or otherwise unclear language.  For example, only now do we see that a jira-administrator is a Role whereas an administrator is a Group in the above images of the pertinent sections of the web application.  From our perspective, the documentation is not WYRIWYG.


Also, we are trying to find in the documentation an explicit explanation of the difference between "Administrators" and "administrators." In the JIRA Cloud documentation, the terminology used is JIRA System Administrator, JIRA Administrator, Project administrator and Board administrator.


Quite frankly, the JIRA Cloud documentation is a convulted mess since what we read does not always exactly correspond to the actual web application.


There is no table that explicitly shows the different Administrators and compares their default permissions ?


If a user is assigned to the "administrators" Group, must they also be assigned a Project role ?


If we assign the "administrators" Group to the Administrator's Role, will this allow the "administrator" to delete ?


So Projects are permssion scheme based (which is exactly what we do NOT want to deal with) with no way to set a base set of permissions for all Projects ?

Like
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 27, 2017

Hi HJLBX - Sorry about the slow reply. Missed your response and am busy too! But I'll do my best to help you now.

Firstly, yes - if you spend too much time writing a reply on this board it does seem to 'timeout'. Pretty annoying when coupled with the formatting loss on copy/paste. Both issues have been fed back to Atlassian by several people. Take a look at the feedback forum to see what people are saying and add your feedback in there if you want - it helps make this community better.

Secondly, I agree that the documentation on this is difficult to follow. I'd urge you to feedback to Atlassian on this (in your Cloud instance, click the bullhorn icon in the top menu bar).

feedback-to-atlassian.png

Thirdly, I'll try to hep you on the docs and other questions in some further replies below...

Like
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 27, 2017

"3 of us are sitting here and scratching our heads because in the documentation, it states that Administrators are a Group.  See first sentence on this page:

https://confluence.atlassian.com/adminjiracloud/managing-global-permissions-776636359.html"

Do you mean this sentance: "Global permissions are system-wide and are granted to groups of users."?

This doesn't mean that the global permissions listed on that page are groups. It's saying that these are permissions that can be assigned to groups. It's up to you to choose which groups you want to give these permissions to.

In the list of global permissions, you'll see that there are two that give you access to the administration functions in JIRA:

1. The JIRA System Administrators permission 

2. The JIRA Administrators pemission

Neither of these are groups. They are permissions which you assign to a group (or groups).

A user who is in a group with one of these permissions will be able to see and use:

  • the JIRA Administration menu (i.e. the cog in the top menu bar) which takes you into the JIRA application admin pages.
  • an 'Admin' menu when viewing issues which has some useful admin functions
  • the 'Project settings' page for any project

Take a look at the the Global Permissions in your instance to see which groups have these permissions.

(note that, in Cloud, you probably won't see the JIRA System Administrators one, because it is generally restricted on JIRA Cloud and is only applicable for JIRA Server. I don't know why the Global Permissions help page for Cloud mentions it. I assume because some instances may have it enabled).

By default, I think you'll find people the following groups will have the JIRA Administrators permission:

  • site-admins
  • administrators
  • jira-administrators
Like
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 27, 2017

The next thing to realise about JIRA Administrators and JIRA System Administrators global permissions is that they are not project permissions. Nor are they project roles.

The global permissions only grant the rights to administer and configure JIRA projects and settings. People with these permissions are generally refered to as 'JIRA adminstrators'.

In your question above, you said:

"However, on this page it states that JIRA administrators are project roles (the language can be interpreted various ways):

https://confluence.atlassian.com/adminjiracloud/managing-project-roles-776636382.html"

Did you mean this text?: "JIRA administrators define project roles — that is, all projects have the same project roles available to them"

This isn't saying that 'JIRA adminstrators' is a project role. It just saying that JIRA administrators (i.e. people with access to the admin menus) can edit the global, pre-defined list of project roles available to use throughout JIRA.

Like
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 27, 2017

There is no table that explicitly shows the different Administrators and compares their default permissions?

Hopefully from the info above, it's now clear that:

  • 'JIRA administrators' means people with the JIRA Administrators / JIRA System Administrators global permissions.
  • Having these permissions doesn't grant any abiity to see or do stuff within projects. Just the ability to change the 'behind-the-scenes' project settings/configuration.

So, taking those out of the equation - where is the table that shows the default permissions that people have within projects?

Answer: It's in JIRA. Go to JIRA Administration > IssuesPermission schemes.

Here you'll find the default permission scheme that gets used for new projects.

If you look at that scheme, you see exactly who has each of the project-related permissions by default.

Unless you've edited the scheme, you'll probably see most permissions are granted to 'Any logged in user'. But a few, like the delete issues permission, are granted to Project Role: 'Adminstrators'.

So who gets the project role 'Adminstrators' by default?

To check go to JIRA Administration > System > Project Roles.

FInd the project role with name 'Adminstrators' and, in the 'Actions' menu on the right click Manage Default Members.

This will show which groups get given this role in a project when it is created. I think you'll see just the 'jira-administrators' group here.

Like
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 27, 2017

If a user is assigned to the "administrators" Group, must they also be assigned a Project role ?

It depends what you want them to be able to do in a particular project or projects. Let me know if there is something specific and I'll try to help.

If we assign the "administrators" Group to the Administrator's Role, will this allow the "administrator" to delete?

Yes - assuming your project uses the default permission scheme, which has the 'Delete Issues' permission granted to the 'Administrators' role.

To change existing projects, you'll need to do this using 'Users and Roles' from within the project settings.

If you want this to happen in all new projects created in future, you can use JIRA Administration > System > Project Roles > Manage Default Members.

Another opton is to simply grant the 'Delete' issues permission directly to the 'administrators' group, then they don't have to hold any particaular project role to be able to delete issues.

So Projects are permssion scheme based (which is exactly what we do NOT want to deal with) with no way to set a base set of permissions for all Projects ?

Actually, this is exactly what you want. You can set up one permission scheme which defines the permissions you want, and apply it to all projects.

The permissions can be:

  • project role based* (meaning the same user or group can take different roles in different projects)
  • group based
  • individual user based
  • a combination of all the above and much more

It's a hugely powerful and configurable set-up which covers a massive range of use cases.

If you are a visual thinker, there's a decent diagram here which shows how a user can be granted permisions: https://confluence.atlassian.com/adminjiracloud/configuring-permissions-776636357.html

* The advantage of using project role based permissions is that your JIRA Admin(s) can delegate the maintenance of user role membership to someone with the 'Administer projects' permission.

Like
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 27, 2017

Oh. One more thing... here is the page from the Atlassian Cloud doc which attempts to describe the default permissions that each group gets on new Cloud instances.

https://confluence.atlassian.com/cloud/manage-groups-744721627.html

Sadly, it's out of date, I think.

To be fair it does have a disclaimer "Depending on when you created your site, there might be slight differences in the default groups that exist in your instance.", but in my instance:

  • There is no 'jira-developers' group 
  • The 'administrators' group is not a member of the 'Administrators' project role by default
  • However, there is a 'jira-administrators' group which is a member of the 'Administrators' project role.

Anyway, I hope this all helps a bit.

I might try to get Atlassian to update the docs if I have a moment, but have no idea if I can!

Like
JT
JT April 30, 2017

Thanks Sam for th extensive explanation.  We will study it and with your explanations should eventually be able to sort it all out.

Just never enough hours in the day...

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events