Managing Roles and Permissions for Next-gen projects

G'day Atlassian community!

My name is Abhinaya Sinha and I'm a product manager for Jira. I've some exciting news to share with you on managing permissions and roles in next-gen projects. 

Recently, we shipped the ability to create roles and to edit permissions for these roles. For convenience sake, we'll refer to this functionality as "Custom Roles" for the remainder of this article. 

You might know that when you create a next-gen project, you get certain roles from the get-go. For Jira Software, these roles are "Administrator", "Member", and "Viewer". For Jira Service Desk, these roles are "Administrator", "Agent", and "Viewer". These roles have predefined permissions assigned to them. These permissions are associated to the role and cannot be changed. Therefore, these default roles cannot be changed either. 

Now, thanks to shipping "Custom Roles", you can create roles of your choice. You still continue to have the 3 roles mentioned above in your next-gen projects. When you create a role, you select the permissions you would like to associate to that role, from a pre-existing list of permissions.

Once a role has been created, you can do 4 things with it:

  • You can view the permissions associated with that role
  • You can change those associated permissions 
  • You can clone an existing role and use that as a starting point to create a new role with different permissions
  • Finally, you can delete a role. However, before you do so, you must move any users that belong to that role to another role.

How to access "Custom Roles"

  • You access custom roles by clicking on the “manage roles” button under Project Settings > Access (Project Settings > Internal access for Jira Service Desk). 

customroles_1.png

  • Since you wouldn’t have created any roles the very first time you access this feature, you’ll see just the 3 system roles mentioned earlier in this article, on the dialog box that comes up on clicking on “manage roles” button.
  • To create a role, click on the “create role” button. Give the role a name, an appropriate description, and the permissions you would like to associated to that role. Optionally, you may choose to assign this role to users in your project. 

customRoles_2.png

customRoles_3.png

  • Once a role has been created, it will start appearing on the “manage roles” modal. In my case, I created a role and named it "Developer". I see that role in the "manage roles" modal. 

customRoles_7.png

  • You can now view the role and see the permissions associated to it by clicking on the role. You could edit the permissions if you would like to, by clicking on "Update" or just close the dialog. 

customRoles_8.png

  • In addition, you can clone this role to use it as a starting point for a new role you might want to create and you can delete the role if you no longer need it. If there are any users having this role, we'll warn you asking you to move those users to another role. Note, as mentioned earlier, you cannot edit or delete default roles. Hence, you won't see those options for "Administrator", "Member", and "Viewer". However, you can see the permissions associated with those roles and clone those roles to create new ones. 

customRoles_9.png

customRoles_10.png

  • A final note - "Custom Roles" is available to customers who are on Jira Standard and Premium plans. If you are on Jira Free, you will need to upgrade. 

We hope you find "Custom Roles" useful and look forward to hearing from you! 

What's coming next

In the coming months, we’ll add support for permissions from marketplace apps so that you can leverage those for any roles you might create. If there is anything else you would like us to add, let us know!

Thank you.

Cheers,

Abhinaya

23 comments

Sudhir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 25, 2020

This is amazing!

Neetu Verma March 23, 2020

Hi- I dont see "Access" Under Project setting. Do we need to enable it somewhere?

Thanks

Neetu

Rakesh Katti
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 25, 2020

@Neetu Verma Which project are you checking Jira Software or Jira Service Desk?

Maru March 26, 2020

@Abhinaya Sinha 

This is indeed a welcome feature! But, do you have this documentation in Japanese?

Neetu Verma March 27, 2020

I was checking with my JIRA software project.

RaeRo April 2, 2020

I'm surprised this was a prioritized feature. I have many other outstanding issues with next-gen projects, and managing permissions wasn't even on my radar. This doesn't move the needle either way for my groups to adopt next-gen projects. 

Like # people like this
Chris Faulkner April 2, 2020

I'd like to see the functionality that lets me switch the group that comments are visible for, much like the feature on the "old" jira tickets. This way I can manage letting clients into the tickets.

AngelSilva April 2, 2020

easy!!

DWS Admin April 2, 2020

Somehow I can't find the "Access" in my project setting neither in JSD nor JSW. Do I need to update or do anything else in order to see the item??Annotation 2020-04-03 085307.png

Chris Faulkner April 3, 2020

@DWS admin at some point "People" turned into "Access". We use Jira Cloud which updates automatically, so maybe there is an update that you need.

Abhinaya Sinha
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 3, 2020

@DWS admin please note that this feature has been shipped to next-gen. You are in a classic project which is why you are not seeing it. Please refer to the first screenshot in my article. 

@Chris Faulkner "People" page turned into "Access" for next-gen projects. For classic, it is still called "People". 

Like Chris Faulkner likes this
Abhinaya Sinha
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 3, 2020

@Maru we don't translate the article. However, this related content is in Japanese. Is it useful and does it address what you are looking for? 

https://support.atlassian.com/ja/jira-software-cloud/docs/next-gen-permissions/

Abhinaya Sinha
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 3, 2020

@Neetu Verma are you sure you are using a next-gen JSW project? If you are not sure, can you please send a screenshot and we can let you know. 

Thanks!

Ed Hirst April 3, 2020

Can I use this to create a custom role that allows everything except for access management?
We wish to manage our project access centrally, but give project owners access to do everything else.

 

i.e. the "Administer" role gives the following:

Edit access, manage people and permissions, configure issue types and their fields, enable project features, and delete the project.

 

I want to give someone the ability to configure issue types and their fields, enable project features, but not do anything else in that list.

Is that possible at this time? 

Like Lars Mählmann likes this
Darren Smith April 6, 2020

Apologies if it has been mentioned before - but does the Viewer permission still require a licence within JIRA?

We have a LOT of staff that only very occasionally touch JIRA in any shape or form. It would be great to inject a whole list of Viewers from an AD export that could see comments that directly affect them. 

The restrictions listed in the Viewer role above would be perfect - just to view tasks themselves and comment upon them. We would need nothing more.

Like # people like this
Jasper Rijk April 15, 2020

It would be nice if I could add a certain custom role to every project in my account.

Deleted user April 21, 2020

Useful article. But an user with any rol, will require an additional licence? Or just those added to "Agents" role?

Abhinaya Sinha
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 10, 2020

Hi Atlassian community, 

I am excited to announce the launch of a couple of additions to this feature:

We hope you'll find these useful and look forward to hearing from you. 

Cheers,

Abhinaya

bandeweg December 9, 2020

I'm looking into this. And tried some test on a test project. 

When i create a role with collaboration right is states the user only have to have site acces and not needs Jira product access. But strangely i can't make this work? I have to add the user to the Jira product? Am i missing something here?

 

Screenshot 2020-12-09 at 21.46.51.png

Ian Plamondon January 20, 2021

How about the ability to create roles globally, so you can utilize the role within multiple projects, and the ability to tie groups into specific roles. I need to add external users to the platform, and I'm struggling to give them the limited access I need to specific projects "easily".

AngelSilva January 20, 2021

Crea un grupo, llámalo "Cliente" o como quieras, y luego en el proyecto asocias este grupo con privilegios solo de visualización.

Ciao!

Pierangelo Repetti April 23, 2021

Hello,

 

it seems to me you need to create the same custom role with the same permissions for each next-gen project you want to link it to. Is there a way to create it just once, then make it available for any other project ?

 

Thanks

Marq Herrod October 26, 2022

Hey @Abhinaya Sinha , 

So my company's issue is actually kind of the inverse of the examples your giving above whereas were looking to prevent some external vendors from seeing anything within all of our NextGen projects. As of now they're only supposed to be able to view 1 project within our instance but because of this issue on NextGen projects they're able to view all 15 of our NextGen projects too. Unfortunately we cannot simply modify the overall privacy level of those projects as they should generally be open to all Jira app users, its just these specific external users that we don't want seeing them. 

I've attempted to accomplish this by creating custom roles for the vendors with all permission levels left unchecked/disabled, however, this is still not working because all of the permission levels are geared towards adding permissions rather than removing them. 

Do you know of any other method to accomplish what I'm trying to do using this functionality or any other? 

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events