we just start to delegate to user administration to project leaders: so far we used groups for the user management so only jira-admins could grant access rights in our Jira.
The problem is that the project leads can cause security risks: they are able to access rights even to the 'jira-users' group.
Is there any feature (plugin, script, etc.) we can restrict the users/groups for the project leads with? So they could browse role permission only for a particular users or groups. Or the same would be if it could be banned to grant groups to roles only users.
You know: if they grant role permission to a failed user it's not a big problem like granting access to all the users ('Jira-users').
If I understand your problem correctly...
...then I think you experiencing something that I have previously come across. A design oversight that I would call a bug. I do not think that there is currently a way around this - but would love to be proved wrong.
The reason why I am submitting this as an Answer rather than as a Comment is that there is an open issue that should be relevant:
Atlassian are not planning to address the issue in the next 12 months but they are inviting feedback.
So this is your chance to have your say...
What’s New as of May 21, 2020 Hi there! We recently made some changes to the way you can leverage Single-sign on and authorization within Opsgenie. Based on customer preference and feedback we intr...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events