Managing project permissions

Project permissions are created within permission schemes, which are then assigned to specific projects by Jira Administrators. Project permissions can be granted to:

  • Individual users
  • Groups
  • Project roles
  • Issue roles such as Reporter, Project Lead, and Current Assignee
  • The Anyone group to allow anonymous access
  • A multiuser picker custom field.
  • A multigroup picker custom field, which is either an actual group picker custom field or a multiselect list where values are group names.

Some permissions depend on others to ensure that users can perform desired actions. For example, if a user wants to be able to resolve an issue, they must be granted both the Transition Issue permission and the Resolve Issue permission. 

On this page:

The following table lists different types of project permissions and the functions they secure. Note that project permissions can also be used in workflow conditions.

Project permissions overview


Project permissions

Explanation

Administer projects

Permission to administer a project in Jira. This includes the ability to edit project role membershipproject componentsproject versions, and some project details (Project Name, URL, Project Lead, Project Description).

This permission granted together with the Browse Projects permission allows you to see the audit log for a specific project.

Extended project administration

Gives the project administrator the ability to edit workflows and screens under certain conditions, as well as maintain their own workflows within predefined guardrails.

Restrictions for editing the project's workflows...
  • The workflow mustn't be shared with any other projects and mustn't be a system workflow.
  • Only a status that already exists on the instance can be added to the workflow. The project administrator can't create new statuses or edit existing ones.
  • A status can be deleted if it's not used in any of the project's issues.
  • The project administrator can create, update, or delete transitions. But they can't select or update a screen used by the transition nor edit and view a transition's properties, conditions, validators, or post-functions.
Restrictions for editing the project's screens...
  • The screen mustn't be a default system screen.
  • The screen mustn't be shared with any other projects nor used as a transition screen in workflows.
  • The project administrator can add, remove, and rearrange system fields.
  • The project administrator can add, remove, and rearrange existing custom fields, but they can't create custom fields.
Why can your project administrator edit workflows when the permission is disabled?

When the Extended project administration permission is disabled, a project administrator may still be able to edit the Simplified Workflow by adding statuses that may not exist in the system. 

This is because your project administrator is also listed as a board administrator. Their changes to the Simplified Workflow will alter the project’s regular workflow. 

As a solution to this issue, we recommend switching from the Simplified Workflow to the regular workflow. 

Browse projects

Permission to browse projects, use the Issue Navigator, and view individual issues, except for the issues that have been restricted via issue-level security

Many other permissions depend on this permission. For example, the Work On Issues permission only works for users who also have the Browse Projects permission.

This permission granted together with the Administer Projects permission allows you to see the audit log for a specific project.

Manage sprints (only available to Jira Software users)

Permission to perform the following sprint-related actions for all projects on a board.

See the list of actions
  • Create sprints
  • Start sprints
  • Complete sprints
  • Reopen sprints
  • Reorder future sprints
  • Add sprint goals
  • Delete sprints
  • Edit sprint information (sprint name, goal, dates)
  • Move the sprint footer

When you have complex board filter queries, you should be careful with configuring the Manage Sprints permission for users. For more information on the impact of complex filters and ways to simplify your filter query, see Using Manage Sprints permission for advanced cases.

Notes on working with sprints

In general, sprint actions require the Manage Sprints permission. But there are some sprint actions (like adding issues to sprints or removing issues from sprints) that require the Schedule Issues and Edit Issues permissions.

When adding an issue to a sprint:

  • Sub-tasks can't be moved independently of their parents.
  • An issue can only be assigned either to one active sprint or to one future sprint. You can't add an issue to both an active sprint and a future sprint at the same time.
  • You can add any issue to any active or future sprint even if the issue doesn't match a filter query of the board where the sprint was created. When you do this:
    • The issue will be assigned to the sprint but won't be visible on boards where the filter query excludes it.
    • Any sprint actions (like starting a sprint or closing a sprint) that span multiple boards will also affect the sprint in all boards where the sprint is visible.
    • If the issue doesn't match the filter query of any agile board, the issue will be linked to the sprint but won't appear in any board.
  • A sprint appears on any board—a single board or multiple boards—as long as the issues assigned to the sprint match the filter query of the board or boards. This also applies to completed sprints.

See Planning sprints for more information.

Start/Complete sprints (only available to Jira Software users)

Permission to start sprints and end them when the sprint dates are set. This permission doesn’t allow you to change any sprint properties, such as the name, goal, and dates. You can only change sprint status to Active or Completed.

Edit sprints (only available to Jira Software users)

Permission to change the sprint name and goal. With this permission, you can’t change sprint dates nor start or end a sprint.

View development tools (only available to Jira Software users)

Permission to view the Development panel, which provides you with proper information to evaluate the status of an issue's development.

View (read-only) workflow

Permission to view the project's read-only workflow when viewing an issue. This permission provides the View workflow link in the Status field in the issue view.

Issue permissions

Explanation

Assign issues

Permission to assign issues to users. This permissions also allows autocompletion of users in the Assign Issue dropdown.

Assignable user

Permission allows a user to be assigned issues but doesn't include the ability to assign issues to other users. The latter is provided by the Assign Issues permission.

Close issues

Permission to close issues based on the workflow conditions. This permission helps developers resolve issues and testers close them. It also requires the Transition Issue and Resolve Issue transitions. 

Create issues

Permission to create issues and sub-tasks (if enabled) in the project. To create attachments, the Create Attachments is also required.

Delete issues

Permission to delete issues along with individual comments and attachments in them.

  • To delete only comments or only attachments, but not issues, users need the Delete Comments or Delete Attachments permissions, respectively. 
  • But if the user doesn’t have these permissions and is deleting an issue, the related comments and attachments will be deleted. 
  • Think carefully which groups or project roles you assign this permission to. Usually, it’s only given to administrators. 

Edit issues

Permission to edit issues and convert issues to sub-tasks and vice versa, if sub-tasks are enabled.

  • Users with this permission won’t be able to edit the Due Date field. To allow this, give them the Schedule Issues permission. 
  • The Edit Issues permission is usually given to groups or project roles that have the Create Issues permission. But if all your users can create issues, you may want to give the Edit Issues permissions only to some of them. 
  • To delete issues, the Delete Issues permission is required. 
Link issues

Permission to link issues together when issue linking is enabled.

Modify reporter

Permission to modify the Reporter of an issue so that it’s created on behalf of another user. This permission should generally only be granted to administrators.

Move issues

Permission to move issues from one project to another or from one workflow to another workflow within the same project. With this permission, users can only move issues to a project where they have Create Issue permission.

Resolve issues

Permission to resolve and reopen issues based on the workflow condition, as well as set the Fix for version field for issues. Note that this permission requires the Transition Issues permission. 

Schedule issues

Permission to schedule issues by editing the Due Date field. In older versions of Jira, this permission also controls the permission to view the Due Date field.

Set issues security

Permission to set the security level for an issue to control who can access the issue. The permission is relevant if issue security has been enabled.

Transition issuesPermission to change the status of an issue.

Voters & watchers permissions

Explanation

Manage watcher list

Permission to manage the watcher list of an issue: view users, add them to or remove them from the list.

View voters and watchers

Permission to view the voter list and watcher list in issues. 

Comments permissions

Explanation

Add comments

Permission to add comments to issues but without the ability to edit or delete comments.

Delete all comments

Permission to delete any comments, regardless of who added them.

Delete own comments

A user with this permission can delete only their own comments.

Edit all comments

Permission to edit any comments, regardless of who added them.

Edit own comments

A user with this permission can edit only their own comments.

Attachments permissions

Explanation

Create attachments

Permission to attach files to issues if attachments are enabled. But this permission doesn't include the ability to delete attachments.

Delete all attachments

Permission to delete any attachments, regardless of who added them.

Delete own attachments

A user with this permission can delete only their own attachments.

Time-tracking permissions

Explanation

Work on issues

Permission to log work on an issue, that is to create a worklog entry, if time tracking is enabled. This permission is required as a prerequisite for applying the other time-tracking permissions.

Delete all worklogs

Permission to delete any worklog entries, regardless of who added them. This permission works if time tracking is enabled.

Delete own worklogs

A user with this permission can delete only their own worklog entries. This permission works if time tracking is enabled.

Edit all worklogs

Permission to edit any worklog entries, regardless of who added them. This permission works if time tracking is enabled.

Edit own worklogs

A user with this permission can edit only their own worklog entries. This permission works if time tracking is enabled.

Archiving permissionsExplanation
Archive issues for a projectPermission to archive issues in a specific project. But this permission doesn't allow you to archive issues in bulk.
Restore issues for a projectPermission to restore issues in a specific project.
Browse archivePermission to view all archived issues. To do it, go to Issues > Archived issues.
Browse project archivePermission to view archived issues that belong to a specific project. To find archived issues, go to Issues > Archived issues.


Permission schemes

Learn about the concept of permission scheme and why you should use it to configure user permission on your Jira instance. 

What is a permission scheme?

A permission scheme is a set of assignments between project permission and a user, group, or role. Every project has a permission scheme. One permission scheme can be associated with multiple projects. 

Why permission schemes?

In many organizations, multiple projects have the same needs regarding access rights. For example, only a specified project team may be authorized to assign and work on issues.

Permission schemes eliminate the need to set up permissions individually for every project. Once a permission scheme is set up it can be applied to all projects that have the same type of access requirements.

Creating a permission scheme

To create a new permission scheme: 

  1. In the upper-right corner of the screen, select Administration  > Issues.
  2. Under Issue security schemes (the left-side panel), select Permission schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
  3. Select Add permission scheme.
  4. In the Add permission scheme form, enter a name and a short description of the scheme.
  5. Select Add. You'll return to the Permission schemes page where you'll find the newly added scheme.

Adding users, groups, or roles to a permission scheme

To add a user, group, or role that can have permissions from a permission scheme: 

  1. In the upper-right corner of the screen, select Administration  > Issues.
  2. Under Issue security schemes (the left-side panel), select Permission schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
  3. Open a desired scheme by selecting Permissions in the Actions column. 
  4. Select Edit for a permission where you want to add a user, group, or role.
  5. You’ll see the Grant permission dialog. Select who you want to grant the permission to. Select Grant. The selected users, groups, and roles will be added to the permission.

Project roles are useful for defining specific team members for each project. Selecting project roles rather than users or groups can help you minimize the number of permission schemes in the system.

Deleting users, groups, or roles from a permission scheme

To remove a user, group, or role from a permission scheme:

  1. In the upper-right corner of the screen, select Administration  > Issues.
  2. Under Issue security schemes (the left-side panel), select Permission schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
  3. Open a desired scheme by selecting Permissions in the Actions column.
  4. Select Remove for a permission where you want to delete a user, group, or role
  5. Select a user, group, or role you want to remove. Then, select Remove. The deleted users, groups, and roles won’t be able to perform an action provided by the permission. 

Associating a permission scheme with a project

To apply a permission scheme for a project:

  1. In the upper-right corner of the screen, select Administration  > Projects.
  2. Select a desired project. See Defining a project for more information.
  3. In the Project settings, go to Permissions.
  4. Select Actions > Use a different scheme.
  5. On the Associate permission scheme to project page, select a permission scheme you want to associate with the project.
  6. Select Associate. The scheme will be applied for the project. 

Deleting a permission scheme

To delete a permission scheme:

  1. In the upper-right corner of the screen, select Administration  > Issues.
  2. Under Issue security schemes (the left-side panel), select Permission schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
  3. Select Delete in the Actions column. Note that you can delete the Default Permission Scheme.
  4. On the Delete permission scheme page, select Delete to confirm your action. The scheme will be deleted. All associated projects will be automatically associated with the Default Permission Scheme.  

Copying a permission scheme

To copy a permission scheme: 

  1. In the upper-right corner of the screen, select Administration  > Issues.
  2. Select Permission schemes to open the list of all permission schemes in your Jira and the projects that use each scheme.
  3. Select Copy in the Actions column. The copy will be created with the same permissions as well as with the same users, groups, and roles assigned to them. 
Last modified on Nov 24, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.