Search the JIRA 5.0.x Beta and RCs Documentation:

Index
Downloads (PDF, HTML & XML formats)
Other versions

This documentation relates to JIRA 5.0.x Beta and RCs only.
The latest official version is JIRA 4.4.x
If you are using JIRA 4.4.x either view this page in the JIRA 4.4.x documentation or visit the JIRA 4.4.x documentation home page.
Skip to end of metadata
Go to start of metadata

Global permissions are system wide and are granted to groups of users.

See also project permissions, which apply to individual projects.

This table lists the different global permissions and the functions they secure:

Global Permission

Explanation

JIRA System Administrators

Permission to perform all JIRA administration functions.
(warning) does not include JIRA Users permission. A user with JIRA System Administrators will be able to log in to JIRA without the JIRA Users permission, but may not be able to perform all regular user functions (e.g. edit their profile) unless they also belong to a group that has the JIRA Users permission.

JIRA Administrators

Permission to perform most JIRA administration functions (see list of exclusions below).
(warning) does not include JIRA Users permission. A user with JIRA Administrators will be able to log in to JIRA without the JIRA Users permission, but may not be able to perform all regular user functions (e.g. edit their profile) unless they also belong to a group that has the JIRA Users permission.

JIRA Users

Permission to log in to JIRA.
(info) Granting the JIRA Users permission to a group also means that all newly created users will be automatically added to that group, unless the group has the JIRA System Administrators permission (as it would be unwise to automatically grant the JIRA System Administrators permission to all new users).

Browse Users

Permission to view a list of all JIRA user names and group names. Used for selecting users/groups in popup screens (such as the 'User Picker'). Enables auto-completion of user names in the 'User Picker' popup screen.

Create Shared Objects

Permission to share a filter or dashboard globally or with groups of users.

Manage Group Filter Subscriptions

Permission to manage (create and delete) group filter subscriptions.

Bulk Change

Permission to execute the bulk operations within JIRA:
- Bulk Edit *
- Bulk Move *
- Bulk Workflow Transition
- Bulk Delete *
( * subject to project-specific permissions.)

(warning) The decision to grant the Bulk Change permission should be considered carefully. This permission grants users the ability to modify a collection of issues at once. For example, in JIRA installations configured to run in Public mode (i.e. anybody can sign up and create issues), a user with the Bulk Change global permission and the Add Comments project permission could comment on all accessible issues. Undoing such modifications may not be possible through the JIRA application interface and may require changes made directly against the database (which is not recommended).

About 'JIRA System Administrators' and 'JIRA Administrators'

People who have the JIRA System Administrators permission can perform all of the administration functions in JIRA, while people who have only the JIRA Administrators permission cannot perform functions which could affect the application environment or network. This is useful for organisations which need to delegate some administrative privileges (e.g. creating users, creating projects) to particular people, without granting them complete rights to administer the JIRA system.

By default, the jira-administrators group has both the JIRA Administrators permission and the JIRA System Administrators permission. If you need some people to have only the JIRA Administrators permission (and not the JIRA System Administrators permission), you will need to use two separate groups, e.g.:

  1. Create a new group (e.g. called jira-system-administrators).
  2. Add to the jira-system-administrators group everyone who needs to have the JIRA System Administrators permission.
  3. Grant the JIRA System Administrators permission to the jira-system-administrators group.
  4. Remove the JIRA System Administrators permission from the jira-administrators group.
  5. (Optional, but recommended for ease of maintenance) Remove from the jira-administrators group everyone who is a member of the jira-system-administrators group.

People who have the JIRA Administrators permission (and not the JIRA System Administrators permission) cannot do the following:

It is recommended that people who have the JIRA Administrators permission (and not the JIRA System Administrators permission) are not given direct access to the JIRA filesystem or database.

Granting global permissions

  1. Log in as a user with the JIRA Administrators global permission (or the JIRA System Administrators global permission, if you need to grant the JIRA System Administrators global permission).
  2. Select 'Administration' > 'Users' > 'Global Permissions' to open the Global Permissions page, which shows a list of JIRA's global permissions and which groups currently have these permissions.
    (tick) Keyboard shortcut: 'g' + 'g' + start typing 'global permissions'
    Screenshot 1: the Global Permissions screen

    The Add Permission box is shown below the list.
  3. In the Permission drop-down list, select the global permission you wish to grant.
  4. In the Groupdrop-down list, either:
    • select the group to which you wish to grant the permission; or

    • if you wish to grant the permission to non logged-in users, select Anyone (not recommended for production systems). Note that the JIRA Users permission (i.e. permission to log in) cannot be granted to Anyone(i.e. to non logged-in users) since this would be contradictory.

      If you have a user limited license (e.g. personal license) and have reached your user limit, you will not be able to grant login permissions (i.e. jira-users permission) to any further groups without first reducing the number of users with login permissions.

5 Comments

Hide/Show Comments

  1. Jul 14, 2010

    Matt Doar (CustomWare)

    Before using "Anyone" in a production system, read http://jira.atlassian.com/browse/JRA-18076

  2. May 18, 2011

    Chris Feldhacker

    I think a reason somebody would TRY to do this would be to grant "all authenticated" users login access to Jira.  If Jira is configured to use an external identity directory (LDAP/AD), what is the correct way to grant "all authenticated" users login access to Jira?

  3. Sep 16, 2011

    Anonymous

    It is remarkable that there is no separate global permission for disabling password changes by users (or even better a switch in the User Creation/Detail page). Quite a rounded product...until you get in the corners. A.R.

  4. Oct 19, 2011

    Anonymous

    These settings seem to be under Administration -> Issues -> User Settings -> Global Permissions

    1. Oct 19, 2011

      Giles Gaskell [Atlassian Technical Writer]

      Hi there,

      I don't seem to see this. The instructions for accessing the 'Global Permissions' page (above) appear to be correct.

      Could you please verify this and if what you say is correct, I suggest that you contact support via the button below.

      Cheers,

      Giles.