Configuring roles and permissions
Learn about roles and permissions available in Assets, and how to grant them to specific users or groups. At the bottom of the page, you can also find a detailed permission matrix that will tell you how permissions correspond to tasks that users can perform.
Roles
A role is a set of permissions granted to Jira users or groups to view or modify data in Assets. Here's a summary of available roles:
| Role | Description |
|---|---|
| Assets Administrator | This role can perform all actions in Assets. This includes:
|
| Assets Managers | This role can execute the following tasks on an object schema. This includes:
|
| Assets Developers | This role means builders or creators, rather than e.g. software developers. It can execute the following tasks on an object schema:
|
| Assets Users | This role can do the following on an object schema:
|
Permission levels
Assets offers three levels of permissions and the roles column indicates the roles available for configuration at each level:
| Level | Description | Roles |
|---|---|---|
| Global permissions | These permissions allow you to configure the entire Assets app. By default, as part of Global permissions, the jira-administrators group is mapped to the Assets administrator role. So, if you're a Jira administrator for your Jira instance, then you can perform all actions in Assets. However, if you remove this default mapping, then you wouldn't be able to execute tasks despite of being a Jira administrator. | Assets Administrator |
| Object schema permissions | These are permissions to configure and execute actions on the object schema level. | Object Schema Managers, Object Schema Developers, Object Schema Users |
| Object type permissions | These are permissions to execute actions on an individual object type. You can view a detailed matrix of all tasks and corresponding permissions at the bottom of this page. | Object Type Managers, Object Type Developers, Object Type Users |
Granting permissions
Assets automatically grants the Assets Administrator role to all Jira admins. However, it might not inherit permissions from any particular active directory running on your Jira instance.
You need to be a Jira admin to be able to assign users or groups to a specific role in Assets.
Granting global permissions
- In the top navigation bar, select Assets > Configure.
- Switch to the Roles tab.
- Assign users or groups to the administrator role.
Granting object schema permissions
- In the top navigation bar, select Assets > Object schemas.
- Open your object schema.
- In the top-right, select Object schema > Configure.
- Switch to the Roles tab.
- Assign users or groups to the roles.
Granting object type permissions
- Open your object type.
- In the top-right, select Object type > Configure.
- Switch to the Roles tab.
- Assign users or groups to the roles.
Good to know
- Object type permissions take precedence over object schema permissions. For example, a user might be assigned to the User role on the schema (to not make any changes), but then have a more powerful Developer role on a specific object type, so they can create objects.
- If you want users to work with object types (and objects) you need to grant them permissions for object types, but also for the schema (at least User permissions, so they can view it). Without giving them any permissions for the schema, they won't be able to access it.
- If you don't specify permissions for object types, they will be inherited from the object schema.
Permission matrix
Here's how roles relate to specific actions users can complete.
| Assets functions | Assets Users | Assets Developers | Assets Managers | Assets Administrators | Jira Administrators |
|---|---|---|---|---|---|
| Report Jira issues on Assets objects |  | | | | |
| Search for Assets objects and attributes | | | | | |
| View object graph explorer | | | | | |
| View object type graph explorer | | | | | |
| View Assets custom field | | | | | |
| Create/Edit Assets objects | | | | | |
| Move objects (Object Type To) Note that this function applies to roles on the Object type level | | | | | |
| Move objects (Object Type From) Note that this function applies to roles on the Object type level | | | | ||
| Delete, archive, restore Assets objects | | | | ||
| Create/Edit/Delete attributes | | | | ||
| Modify Assets object schema | | | | ||
| Delete Assets object schema | | | |||
| Create Assets object schema | | | |||
| Manage icons | | | | ||
| Manage references | | | | ||
| Import object schemas | | | | ||
Create/Configure/ Enable Imports |
(except LDAP and database) |
(except LDAP and database) |
| ||
Manage global Assets permissions | | | |||
Create/Manage Assets custom field | | ||||
Move object type (drag & drop) | | | |||
Delete object type | | | | ||
Add/edit Assets post-functions in Jira workflows | |