Conquering Jira Permissions

Thank You.

Hi @Ben Thoma  and Team,
Thank you for the great webinar on 11/20.  A few weeks after the course, it became very apparent my company with over 250 and (growing quickly) jira users needs a better permission scheme.  We have about 20 distinct business units (with some cross over) that will be using Jira and Confluence with a corporate oversight over them.

I started mapping this out and wanted to ask for a critique of my approach based on the webinar content.

As you aptly pointed out several times, I want to distribute to the the lowest level possible the management of projects, and even people and roles if possible.  I intend to limit groups to just be based on permission scheme differences: Site Admins, Jira Admins, Confluence Admins, Jira Users, Confluence Users.  Eventually, Jira Users will only be able to view most projects with project roles dictating additional permissions.

Project Admins will add Jira users themselves to the appropriate roles for the proper project permissions.

I also eventually plan on rolling out SSO/LDAP.

This above approach is moving away from a current approach where individual business units have one or several of their own groups defined.  This of course needs to be managed at the site admin level with group permissions, which is not ideal.  One question here, how can I keep users organized based on those business units if not with groups?

I'd love your thoughts on my approach.  Is there anything I may have missed or any advise you could give me?

Thank you very much, and these webinars have been very useful.
-Nick Fannin

FYI: We just announced our next webinar in this series: Is Your Jira Instance Secure?