Managing global permissions

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Global permissions are system-wide and are granted to groups of users. You can refer to project permissions to manage permissions that apply to individual projects.

For all of the following procedures, you must be logged in as a user with the JIRA Administrators or JIRA System Administrators global permission.

On this page:

This table lists the different global permissions and the functions they secure:

Global Permission

Explanation

JIRA System Administrators

Permission to perform all JIRA administration functions.

JIRA Administrators

Permission to perform most JIRA administration functions.

Note that a user with the JIRA Administrators permission will be able to log in at any time, but may have restricted functions depending on their application access.

Browse Users

Permission to view a list of all JIRA user names and group names, share issues, and @mention people on issues. Used for selecting users/groups in popup screens. Enables auto-completion of user names in most 'User Picker' menus and popups.

Note that the Assign User permissions also allows a limited version of this on a per-project basis.

Create Shared Objects

Manage Group Filter Subscriptions

Permission to manage (create and delete) group filter subscriptions.

Bulk Change

Permission to execute the bulk operations within JIRA:
- Bulk Edit *
- Bulk Move *
- Bulk Workflow Transition
- Bulk Delete *
( * subject to project-specific permissions.)

The decision to grant the Bulk Change permission should be considered carefully. This permission grants users the ability to modify a collection of issues at once. For example, in JIRA installations configured to run in Public mode (i.e. anybody can sign up and create issues), a user with the Bulk Change global permission and the Add Comments project permission could comment on all accessible issues. Undoing such modifications may not be possible through the JIRA application interface and may require changes made directly against the database (which is not recommended).

Granting global permissions

  1. Choose > System
  2. Select Global Permissions to open the Global Permissions page, which lists JIRA's global permissions.

    The Add Permission box is shown at the bottom of the list (not displayed in the screen capture above).
  3. In the Permission drop-down list, select the global permission you wish to grant.
  4. In the Group drop-down list, either:
    • select the group to which you wish to grant the permission; or
    • if you wish to grant the permission to non logged-in users, select Anyone. This is not recommended for production systems, or systems that can be accessed from the public Internet such as Cloud.
      Please Note:
      • If you have reached your user limit, you will be able to create new users but it won't have login permission.


 


Removing global permissions

  1. Choose > System
  2. Select Global Permissions to open the Global Permissions page, which lists JIRA's global permissions.
  3. For each global permission in JIRA (indicated on the left of this page), groups which currently have that permission are shown on the right (under the Users / Groups column).
  4. Locate the global permission you want to remove from a group as well as the group you want to remove that permission from (under Users / Groups) and click the Delete link next to that group.


About JIRA System Administrators and JIRA Administrators

People who have the JIRA System Administrators permission can perform all of the administration functions in JIRA, while people who have only the JIRA Administrators permission cannot perform functions which could affect the application environment or network. This separation is useful for organizations which need to delegate some administrative privileges (e.g. creating users, creating projects) to particular people, without granting them complete rights to administer the JIRA system.

Here is a list of administration tasks that only JIRA System Administrators (not JIRA Administrators) can perform:

It is recommended that people who have the JIRA Administrators permission (and not the JIRA System Administrators permission) are not given direct access to the JIRA filesystem or database.

Separating JIRA System Administrators from JIRA Administrators in default JIRA installations

By default, the jira-administrators groups has both the JIRA Administrators permission and the JIRA System Administrators permission. Also by default, the user account created during the JIRA setup wizard is a member of this jira-administrators group.

If you need some people to have only the JIRA Administrators permission (and not the JIRA System Administrators permission), you will need to use two separate groups, e.g.:

  1. Create a new group (e.g. called jira-system-administrators).
  2. Add to the jira-system-administrators group everyone who needs to have the JIRA System Administrators permission.
  3. Grant the JIRA System Administrators permission to the jira-system-administrators group.
  4. Remove the JIRA System Administrators permission from the jira-administrators group.
  5. (Optional, but recommended for ease of maintenance) Remove from the jira-administrators group everyone who is a member of the jira-system-administrators group.


Troubleshooting permissions with the JIRA admin helper

The JIRA admin helper can help you diagnose why a user can or cannot see a certain issue.

Note: For all of the following procedures, you must be logged in as a user with the JIRA Administrators global permission.

  1. Choose > System
  2. Select Permission helper.
  3. Enter the username of the user (leave blank for anonymous users), an issue key (for example, an issue that the user can/cannot see) and the permission to check.
  4. Click Submit.
Last modified on Nov 26, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.