we just start to delegate to user administration to project leaders: so far we used groups for the user management so only jira-admins could grant access rights in our Jira.
The problem is that the project leads can cause security risks: they are able to access rights even to the 'jira-users' group.
Is there any feature (plugin, script, etc.) we can restrict the users/groups for the project leads with? So they could browse role permission only for a particular users or groups. Or the same would be if it could be banned to grant groups to roles only users.
You know: if they grant role permission to a failed user it's not a big problem like granting access to all the users ('Jira-users').
If I understand your problem correctly...
...then I think you experiencing something that I have previously come across. A design oversight that I would call a bug. I do not think that there is currently a way around this - but would love to be proved wrong.
The reason why I am submitting this as an Answer rather than as a Comment is that there is an open issue that should be relevant:
Atlassian are not planning to address the issue in the next 12 months but they are inviting feedback.
So this is your chance to have your say...
It's officially Tuesday, which means it's officially time for another tip to help you better navigate this space we call the Atlassian Community. 😄 I got a great question from community member, Sa...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs