You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
On Tuesday, November 19, 2019 we hosted an Atlassian University Live webinar to cover the topic of Jira Permissions.
You can learn more about Jira Permissions—including topics not covered in the webinar—in this free, complete Skillbuilder course.
Please use this Community forum to ask any questions about the Skillbuilder course or Jira Permissions for your organization.
Hi @Ben Thoma and Team,
Thank you for the great webinar on 11/20. A few weeks after the course, it became very apparent my company with over 250 and (growing quickly) jira users needs a better permission scheme. We have about 20 distinct business units (with some cross over) that will be using Jira and Confluence with a corporate oversight over them.
I started mapping this out and wanted to ask for a critique of my approach based on the webinar content.
As you aptly pointed out several times, I want to distribute to the the lowest level possible the management of projects, and even people and roles if possible. I intend to limit groups to just be based on permission scheme differences: Site Admins, Jira Admins, Confluence Admins, Jira Users, Confluence Users. Eventually, Jira Users will only be able to view most projects with project roles dictating additional permissions.
Project Admins will add Jira users themselves to the appropriate roles for the proper project permissions.
I also eventually plan on rolling out SSO/LDAP.
This above approach is moving away from a current approach where individual business units have one or several of their own groups defined. This of course needs to be managed at the site admin level with group permissions, which is not ideal. One question here, how can I keep users organized based on those business units if not with groups?
I'd love your thoughts on my approach. Is there anything I may have missed or any advise you could give me?
Thank you very much, and these webinars have been very useful.
Interesting question @Nick Fannin. What do you think, @Christian Czaia _Decadis AG_? Anyone else have thoughts?
I think there is no real way to cluster users into business units apart from mapping them to groups (or organizations in a Service Desk context). Group management will be a pain though I guess :-) I worked for companies that had full-time admins that were just in charge of group management.
Either way I suggest using LDAP rather sooner than later;-)