Managing project permissions
Some project permissions require product access. This means they're applicable only if your users have access to the Atlassian product associated with the permission. For example, if you give someone the permission to edit issues in a Jira Software project, they still require product access to Jira Software to use this permission.
If you add users to a role that grants particular permissions, make sure these users have product access to Jira Software (for software projects) or Jira Service Management (for service projects). Otherwise, your users will see a read-only version of the projects you want them to work on.
Only a Jira admin can grant individual product access. Learn more about product access
Project permissions overview
The following table lists different types of project permissions and user actions they allow. Note that project permissions can also be used in workflow conditions.
Project permissions | Explanation |
|---|---|
Administer projects | Permission to administer a project in Jira. This includes the ability to edit project role membership, project components, project versions, and some project details (Project Name, URL, Project Lead, Project Description). Granting this permission alongside the Browse projects permission lets a user see the audit log for a specific project. A user with the Administer Projects permission automatically becomes a project admin. Unlike Jira admins, project admins can't manage multiple system configurations, including project permission schemes. Learn more about the differences between a project admin and Jira admin |
| Extended project administration | Gives the project administrator the ability to edit workflows and screens under certain conditions, as well as maintain their own workflows within predefined guardrails (data type recommendations for identifying potential risks and making decisions about your instance optimization). |
Browse projects | Permission to browse projects, use the Issue Navigator, and view individual issues, except for the issues that have been restricted via issue-level security. Many other permissions depend on this permission. For example, the Work on issues permission only works for users who also have the Browse projects permission. Granting this permission alongside the Administer projects permission lets a user see the audit log for a specific project. |
Manage sprints (only available to Jira Software users) | Permission to perform the following sprint-related actions for all projects on a board. When you have complex board filter queries, you should be careful with configuring the Manage sprints permission for users. For more information on the impact of complex filters and ways to simplify your filter query, see Using Manage Sprints permission for advanced cases. |
Start/Complete sprints (only available to Jira Software users) | Permission to start sprints and end them when the sprint dates are set. This permission doesn’t let the user change any sprint properties, such as the name, goal, and dates. The user can only change sprint status to Active or Completed. |
Edit sprints (only available to Jira Software users) | Permission to change the sprint name and goal. With this permission, the user can’t change sprint dates nor start or end a sprint. |
View development tools (only available to Jira Software users) | Permission to view the Development panel, which provides the user with information to evaluate the status of an issue's development. |
View (read-only) workflow | Permission to view the project's read-only workflow when viewing an issue. This permission provides the View workflow link in the Status field in the issue view. |
Issue permissions | Explanation |
Assign issues | Permission to assign issues to users. This permissions also allows autocompletion of users in the Assign Issue dropdown. |
Assignable user | Permission allows a user to be assigned issues but doesn't include the ability to assign issues to other users. The latter is provided by the Assign Issues permission. |
Close issues | Permission to close issues based on the workflow conditions. This permission helps developers resolve issues and testers close them. It also requires the Transition Issue and Resolve Issue transitions. |
Create issues | Permission to create issues and sub-tasks (if enabled) in the project. To create attachments, the Create attachments permission is also required. Users with this permission don’t need the Browse projects permission to create issues. However, you should still ensure that your users at least have permission to browse projects. Otherwise, even though they will be able to create an issue, they won’t be able to see it. |
Delete issues | Permission to delete issues along with individual comments and attachments in them.
|
Edit issues | Permission to edit issues and convert issues to sub-tasks and vice versa, if sub-tasks are enabled.
|
| Link issues | Permission to link issues together when issue linking is enabled. |
Modify reporter | Permission to modify the Reporter of an issue so that it’s created on behalf of another user. This permission should generally only be granted to administrators. |
Move issues | Permission to move issues from one project to another or from one workflow to another workflow within the same project. With this permission, users can only move issues to a project where they have Create Issue permission. |
Resolve issues | Permission to resolve and reopen issues based on the workflow condition, as well as set the Fix for version field for issues. Note that this permission requires the Transition Issues permission. |
Schedule issues | Permission to schedule issues by editing the Due Date and Sprint fields. In older versions of Jira, this permission also controls the permission to view the fields. When granting this permission, make sure your users also have at least the Browse Projects permission. Without it, they won't see any projects and issues in them. |
Set issues security | Permission to set the security level for an issue to control who can access the issue. The permission is relevant if issue security has been enabled. |
| Transition issues | Permission to change the status of an issue. |
Voters & watchers permissions | Explanation |
Manage watcher list | Permission to manage the watcher list of an issue: view users, add them to or remove them from the list. |
View voters and watchers | Permission to view the voter list and watcher list in issues. |
Comments permissions | Explanation |
Add comments | Permission to add comments to issues but without the ability to edit or delete comments. |
Delete all comments | Permission to delete any comments, regardless of who added them. |
Delete own comments | A user with this permission can only delete their own comments. |
Edit all comments | Permission to edit any comments, regardless of who added them. |
Edit own comments | A user with this permission can only edit their own comments. |
Attachments permissions | Explanation |
Create attachments | Permission to attach files to issues if attachments are enabled. This permission doesn't include the ability to delete attachments. |
Delete all attachments | Permission to delete any attachments, regardless of who added them. |
Delete own attachments | A user with this permission can only delete their own attachments. |
Time-tracking permissions | Explanation |
Work on issues | Permission to log work on an issue (that is to create a worklog entry) if time tracking is enabled. This permission is required as a prerequisite for applying the other time-tracking permissions. |
Delete all worklogs | Permission to delete any worklog entries, regardless of who added them. This permission only works if time tracking is enabled. |
Delete own worklogs | A user with this permission can delete only their own worklog entries. This permission only works if time tracking is enabled. |
Edit all worklogs | Permission to edit any worklog entries, regardless of who added them. This permission only works if time tracking is enabled. |
Edit own worklogs | A user with this permission can edit only their own worklog entries. This permission only works if time tracking is enabled. |
| Archiving permissions | Explanation |
| Archive issues for a project | Permission to archive issues in a specific project. This permission doesn't allow the user to archive issues in bulk. |
| Restore issues for a project | Permission to restore issues in a specific project. |
| Browse archive | Permission to view all archived issues. To do this, go to Issues > Archived issues. |
| Browse project archive | Permission to view archived issues that belong to a specific project. To do this, go to Issues > Archived issues. |
Permission schemes
Learn about the concept of permission scheme and why you should use it to configure user permission on your Jira instance.
What is a permission scheme?
A permission scheme is a set of assignments between project permission and a user, group, or role. Every project has a permission scheme. One permission scheme can be associated with multiple projects.
Why use permission schemes?
In many organizations, multiple projects have the same requirements for access rights. Permission schemes eliminate the need to set up permissions individually for every project. Once a permission scheme is set up it can be applied to all projects that have the same type of access requirements.
Default vs. project-specific permission scheme
All Jira instances come with the Default Permission Scheme that contains default configurations for all permissions on your instance. You can't delete the default permission scheme.
Also, when you create a software or business project, it already has its own permission scheme assigned. The permission configurations in this project-specific scheme are very similar to those in the default permission scheme.
You can delete the permission scheme that comes with your software or business project. In this case, the default permission scheme will apply to your project. A project must always have an assigned permission scheme.
You can also create your own permission scheme and assign it to a project. The new permission scheme you assign will override the permission scheme that was previously assigned to the project. Learn how to change the permission scheme for your project
Creating a permission scheme
To create a new permission scheme:
- In the upper-right corner of the screen, select Administration
> Issues. - Select Permission Schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
- Select Add Permission Scheme.
- In the Add Permission Scheme form, enter a name and a short description of the scheme.
- Select Add. You'll return to the Permission Schemes page where you'll find the new scheme.
Adding users, groups, or roles to a permission scheme
To add a user, group, or role that can have permissions from a permission scheme:
- In the upper-right corner of the screen, select Administration > Issues.
- Select Permission Schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
- Open a scheme by selecting Permissions in the Actions column.
- Select Edit for a permission where you want to add a user, group, or role.
- You’ll see the Grant permission dialog. Select who you want to grant the permission to. Select Grant. The selected users, groups, and roles will be added to the permission.
Project roles are useful for defining specific team members for each project. Selecting project roles rather than users or groups can help you minimize the number of permission schemes in the system.
Deleting users, groups, or roles from a permission scheme
To remove a user, group, or role from a permission scheme:
- In the upper-right corner of the screen, select Administration > Issues.
- Select Permission Schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
- Open a scheme by selecting Permissions in the Actions column.
- Select Remove for a permission where you want to delete a user, group, or role
- Select a user, group, or role you want to remove. Then, select Remove. The deleted users, groups, and roles won’t be able to perform an action provided by the permission.
Associating a permission scheme with a project
To apply a permission scheme to a project:
- In the upper-right corner of the screen, select Administration > Projects.
- Select a project. See Defining a project for more information.
- In the Project settings, go to Permissions.
- Select Actions > Use a different scheme.
- On the Associate Permission Scheme to Project page, select a permission scheme you want to associate with the project.
- Select Associate. The scheme will be applied to the project.
Deleting a permission scheme
To delete a permission scheme:
- In the upper-right corner of the screen, select Administration > Issues.
- Select Permission Schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
- Select Delete in the Actions column. Note that you can delete the Default Permission Scheme.
- On the Delete Permission Scheme page, select Delete to confirm your action. The scheme will be deleted. All associated projects will be automatically associated with the Default Permission Scheme.
Copying a permission scheme
To copy a permission scheme:
- In the upper-right corner of the screen, select Administration > Issues.
- Select Permission Schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
- Select Copy in the Actions column. The copy will be created with the same permissions as well as with the same users, groups, and roles assigned to them.