Managing project permissions

Project permissions are managed in two ways:

  1. Jira administrators manage project permissions for company-managed projects through permission schemes. This page discusses permission schemes for company-managed projects in detail.

  2. Project administrators manage project permissions for team-managed projects through custom roles. Read more about custom roles in team-managed projects.

Every company-managed project has a permission scheme. A permission scheme grants users, groups, or roles their permissions in your company-managed projects. Read the details of each available project permission.

You can't edit project permissions or roles on the Free plan for Jira Software or Jira Work Management, and you can't configure issue-level security on any Free plan (including Jira Service Management). Find out more about how project permissions work in Free plans. To take advantage of Jira's powerful project permission management features, upgrade your plan.

Like other schemes in Jira, changes you make a to permission scheme update the permissions for any of the company-managed projects associated with the scheme. This makes it easy for Jira admins to manage the permissions of many projects at once, without having to adjust each project’s settings individually. Once a permission scheme is set up, it can be applied to all projects that have the same type of access requirements.

Permission schemes set permissions at the project level. You may still want to adjust permissions across your Jira site through global permissions. For example, allowing users to create shared objects like filters, or make bulk issue changes. Read more about global permissions.

Create a permission scheme

To create a permission scheme:

  1. Select > Issues.
  2. From the sidebar, select Permission Schemes. The Permission Schemes page opens. It displays a list of all the permission schemes in your Jira site and the projects that use each scheme.

  3. Select Add Permission Scheme. The Add Permission Scheme form appears.

  4. Give your new scheme a name, and add a short description of the scheme. Descriptions help you identify schemes in the future.

  5. Select Add.

Your newly added scheme appears on the Permission Schemes page, but it’s an empty vessel. To use the scheme properly, you need to:

  1. Add users, groups, and roles to the scheme and grant their project permissions.

  2. Associate the scheme with the projects that should use it.

Add users, groups, or roles to a permission scheme

and grant their project permissions

The permission scheme itself is just an object that Jira references when checking permission in your projects. To make the scheme useful, you need to grant users, groups, and/or roles their project permissions in the scheme.

To add users, groups, or roles to a permission scheme, and grant them project permissions:

  1. Select > Issues.
  2. Select Permission Schemes to open the Permission Schemes page, which displays a list of all permission schemes in your Jira system and the projects that use each scheme.

  3. Locate the permission scheme you would like to update, and select Permissions in the Actions column to view the scheme.

  4. For each permissions available, select the Edit link to grant the permission to a user, group, or role. This displays the Grant permission dialog. Read the details of each available project permission.

  5. In the Grant permission dialog, select who to grant the permission to and click the Grant button. You can grant permissions to:

Some permissions are dependent upon others to ensure that users can perform the actions needed. For example, for a user to be able to Edit issues in the project, they first must be able to browse the project. Or, for a user to be able to resolve an issue, they must also be able to transition the issue. Read the details of each available project permission.

Granting permission to anyone

Granting the Browse Projects permission to Anyone means issues from project that use the permission scheme are publicly viewable on the internet. You may legitimately want to grant public access to some projects and issues on your site, like in the case of a public bug tracker. Learn more about anonymous access.

Some permissions require product access

Some project permissions are only usable if your users also have access to the Atlassian product that checks the permission. For example, if you give someone the permission to Edit issues in a Jira Software project, they still require product access to Jira Software to gain that permission.

If you add people to a role that grants these permissions, make sure they have product access to Jira Software (for software projects) or Jira Service Management (for service project). If not, they may encounter problems and won’t get the full benefit of the features you intended them to use. Otherwise, these users will see a read-only version of the projects you intend them to work on.

Only your site admin can grant individuals product access. Learn more about product access.

The Browse Project permission may make project details visible to all users in directories and while searching Jira

There’s a known issue when granting a User custom field value, Reporter, Current assignee, or Group custom field value the Browse Project permission. In these cases, a project becomes visible to any logged in user on your Jira site.

The issue is caused by an intentional design in Jira’s backed that couples the Browse Project and View issue permissions. We’re currently working to decouple these permissions.

tip/resting Created with Sketch.

Tip: Use project roles to help scale your Jira site as your company grows

We recommend assigning permissions through project roles, rather than individual users or group access. Referencing project roles rather than users or groups in your permissions can help you minimize the number of permission schemes in your system. They can help you save time when managing users across your site, and how they can act in each project you create in Jira. Read more about project roles in Jira.

Associate a permission scheme with a company-managed project

Once you have your project permission grants figured out, you can put the scheme into effect by associating it with the projects its meant to govern.

To associate a permission scheme with a company-managed project:

  1. Error rendering macro 'excerpt-include'

    No link could be created for '2022-01-28_04-19-25___Navigating to the Admin Projects Menu (JIRA Admin)'.

  2. Search for and select the project you want to change permissions for.

  3. From the sidebar, select Project settings to view the project's settings.

  4. Select Permissions from the sidebar. This displays the current permissions scheme.

  5. Click the Actions dropdown menu and choose Use a different scheme.

  6. On the Associate Permission Scheme to Project page, select the permission scheme you want to associate with the project.

  7. Click the Associate button to associate the project with the permission scheme.

Your project’s permissions are updated and the project now follows your permission scheme. Any updates you make the scheme or its grants apply immediately to the project associated with the scheme.

Remove users, groups, or roles from a permission scheme

To remove users, groups, or roles from a permission scheme:

  1. Select > Issues.
  2. Select Permission Schemes to open the Permission Schemes page, which displays a list of all permission schemes in your Jira system and the projects that use each scheme.
  3. Locate the permission scheme of interest and click its name to show the list of project permissions (above).
  4. Click the Remove link for the permission you wish to remove the users, groups, or roles from.
  5. Select the users, groups, or roles you wish to remove, and click the Remove button.

Removing users and groups for a permission scheme doesn’t remove these people from Jira entirely. Only site admins can remove users from your Jira site. Read more about how to remove users entirely from your Atlassian site.

Copy a permission scheme

Some projects may require only minor tweaks to an existing permission scheme. In these cases, you can use the existing permission scheme as a starting point for a new scheme. Copying a permission scheme gives you this quick start to tweak a scheme and meet the requirements for a new project.

To copy a permission scheme:

  1. Select > Issues.
  2. om the sidebar, select Permission Schemes. The Permission Schemes page opens. It displays a list of all the permission schemes in your Jira site and the projects that use each scheme.

  3. In the Actions column, click the Copy link for the scheme that you want to copy.

A new scheme is created with the same permissions and the same users, groups, or roles assigned to them. You can find it in your list of permission schemes with the name Copy of <My permission scheme name>.

Delete a permission scheme

Every company-managed project requires a permission scheme to function. If you delete a permission scheme that’s associated with one or more projects, those projects will fall back to using the Default Permission Scheme. You can't delete the default permission scheme.

To delete a permission scheme:

  1. Select > Issues.
  2. From the sidebar, select Permission Schemes. The Permission Schemes page opens. It displays a list of all the permission schemes in your Jira site and the projects that use each scheme.

  3. In the Actions column, click the Delete link for the scheme that you want to delete.

In Jira Software, you can delete the Default software scheme, but this is superficial. Jira will recreate this permission scheme if you create a new company-managed software project, and associate it to your new project.

Last modified on Nov 17, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.