Close

Users and permissions

What are users and groups?

In Jira, a user is any individual who can log into your Jira instance and counts towards your Jira license. A group refers to a collection of users who share the same global permissions. Using groups is an easy, convenient way of managing a collection of users when multiple users in your organization need the same permissions or restrictions.

Two groups are automatically created when you install Jira for the first time: jira-administrators and jira-software-users. Additional groups can be created by the Jira administrator.

jira-administrators

Typically contains people who are Jira system administrators. By default, this group:

  • is a member of the 'Administrators' project role.
  • has the 'Jira Administrators' and the 'Jira System Administrators' global permissions. 

jira-users

Typically contains every JIRA user in your system. By default, this group:

  • is a member of the 'Users' project role.
  • has the 'Jira Users' and 'Bulk Change' global permissions.

What are permissions and permissions schemes?

Permissions are settings that control what users can see and do within Jira. For example, some permissions dictate whether users can create new projects and whether a user can see a specific type of comment on an issue.

A permission scheme refers to the varying combinations of permissions granted to groups, project roles, and users on a per-project basis. In many organizations, multiple projects have the same needs regarding access rights. For example, only the specified project team may be authorized to assign and work on issues.

Every project has a permission scheme. One permission scheme can be associated with multiple projects. Permission schemes are copied from project to project to prevent having to set up permissions individually for every project.


What types of permissions exist?

There are three types of permissions in Jira applications: global permissions, project permissions, and issue permissions.

  1. Global permissions are system wide and are granted to groups of users.
  2. Project permissions are created within permission schemes, which are then assigned to specific projects.
  3. Issue permissions are created within permission schemes, which are then assigned to specific projects.

Global Permissions

Global permissions refer to what users can do system-wide, such as whether users can see the other users in the application. These apply to applications as a whole, not individual projects. Global permissions are granted to groups of users and can be set by a user with the Jira system administrator permission or a user in a group with Jira administrator access.

Some examples of global permissions include:

Jira system administrators (Server only)
Permission to perform all Jira administration functions.

Jira administrators
Permission to perform most Jira administration functions.

Jira users
Permission to log in to Jira.

Browse users
Permission to view a list of all JIRA user names and group names. Used for selecting users/groups in popup screens. Enables auto-completion of user names in most 'User Picker' menus and popups.

Make bulk changes
Modify collections of issues at once, including these operations:

  • Bulk edit
  • Bulk move
  • Bulk workflow transition
  • Bulk delete

Please note: People who have the Jira System Administrators permission can perform all of the administration functions in JIRA, while people who have only the Jira Administrators permission cannot perform functions which could affect the application environment or network.

Project Permissions

Project permissions refer to what users can do in a project. Project permissions are first created within permission schemes, which are then assigned to specific projects.

Please note: Project admin cannot customize the permission schemes for a project. These permissions can be set by a user with the Jira System administrator permission or a user in a group with administrator access.

Some examples of project permissions include:

Administer projects
Permission to administer a project in Jira. This includes the ability to edit project role membership, project components, project versions, and some project details ('Project Name', 'URL', 'Project Lead', 'Project Description').

Browse projects
Permission to browse projects, use the Issue Navigator, and view individual issues. Many other permissions are dependent on this permission, e.g. the 'Work On Issues' permission is only effective for users who also have the 'Browse Projects' permission.

Manage sprints
Permission to perform the following sprint-related actions for all projects in a board.

View workflow
Permission to view the project's 'read-only' workflow when viewing an issue.

Issue Permissions

Issue permissions refer to what users can to an issue, within the bounds of the project’s permissions and are organized into security schemes. These permissions can be set by a user with the Jira System administrator permission, a user in a group with admin access, or a project admin.

Some examples of issue permissions include:

Assign Issues
Permission to assign issues to users. Also allows autocompletion of users in the Assign Issue drop-down.

Assignable User
Permission to be assigned issues. (Note that this does not include the ability to assign issues; see Assign Issue permission above).

Close Issues
Permission to close issues.

Create Issues
Permission to create issues in the project.

Delete Issues
Permission to delete issues.

Edit Issues
Permission to edit issues (excluding the 'Due Date' field — see the Schedule Issues permission).

Link Issues
Permission to link issues together.


What are project roles?

Project roles are a flexible way to associate users and/or groups with particular functions and projects. They are similar in concept to groups, with the main difference being that group membership is global whereas project role membership is project-specific. Additionally, group membership can only be altered by Jira administrators, whereas project role membership can be altered by project administrators. Jira administrators can create, edit, and/or delete project roles according to your organization’s needs.

Users are assigned project roles, and these roles are used in permission schemes to assign permissions to a user. These schemes are then leveraged by several projects to administer their permissions.

Mapping logic of assigning user a project role in Jira Software

Multiple users can be assigned to a role, but similarly, multiple roles can be assigned to a user.

Assigning a user multiple project roles in Jira Software

Consider the following use case: Your organization requires all software development issues to be tested by a Quality Assurance person before being closed.

  1. Create a project role called Quality Assurance.
  2. Create a permission scheme called Software Development and assign the 'Close Issue' permission to the Quality Assurance project role, meaning someone on the QA team has to inspect the issue and deem it ready for deployment.
  3. Associate the Software Development permission scheme with all software development projects.
  4. For each software development project, add the appropriate Quality Assurance people to the Quality Assurance project role.

In Jira, there are 3 default project roles: Administrators, Developers, and Users. 

Administrators
These users administer a given project in your Jira application. They can add new users or groups, and manage components and versions as well. A project administrator is someone who has the project-specific 'Administer Project' permission, but not necessarily the global 'Jira Administrator' permission.

Developers
These users work on issues in a given project. They can be issues assignees and can edit, and log work on those issues.

Users
These users create issues in a given project. They can view and comment on the issues they raised.