JIRA Permissions General Overview
JIRA has a flexible security system which allows you to configure who can access JIRA, and what they can do/see within JIRA. There are five types of security within JIRA:
Different Projects, Different Permissions
Permission schemes allow you to apply varying access levels to combinations of groups, roles and individuals on a per-project basis. A permission scheme will enable/disable specific actions for users for that project. For example, the 'Browse Project' permission for a particular project restricts who can view the project in JIRA and thus view issues that belong to that project via the Issue Navigator. Without this permission, user(s) would not be able to access ('browse') that project.
Reusable Permission Schemes: Using Project Roles (default and recommended)
Each project has Project Roles associated with it: Project Lead, Administrators, Developers, and Users. As you define your Permission Scheme, you can assign permissions in your Permission Scheme to a Project Role (e.g. Project Role (Users)). When you select the Permission Scheme for a project, JIRA will grant the permissions specified in the scheme to the specific users/groups that you've defined in the Project Roles for your project.
This allows you to reuse the same Permission Scheme for different projects that have the same security needs, but different groups. You then select the same Permission Scheme for the Project, but Manage Project Role Membership to substitute different users/groups. Sharing a Permission Scheme also facilitates the creation of Administrator groups across the projects