What is the most restrictive "permission" you can assign that allows the person the create sprints in a given board?

One need not fulfilled is the ability of some managers to be able to change categories. Only the system admin has this ability. Any other way to put together projects that you have thought of?

@Nic & all:

I like tho concept of roles, BUT roles could be changed by the project leads!!

In our case this corrupted our access policy as some leads added too many people into some roles.=> information too widely spread.

Our "solution" is to use groups which are linekd in permsission schemes.: This is more secure as schemes could only be changed by admins.

Any better option?

BR, Markus

Just an addition to Nic's comment:

Ah, but Jira will track their changes. If someone does make a mess of it, you can look at the the issue history, see who did it and blame them :-)

Right; for all text based fields you'll see the old and new content.

If attachments get deleted you could not restore them; the only remainder is the filename of the attachment but no content.

Thank you Nic Brough. I followed your advice and established the following, which makes me nervous but leaves things as safe as I can make it:

1. Created a jira-manager group so that I could easily move users in and out of management as changes arise.
2. Created a Permission Scheme that added the jira-manager group to have specfic allowances in projects beyond the default ones shown in JIRA. This process will allow me to easily change permissions for the managers/developers in case challenges arise.
3. Created a workflow that removed restraints as I was requested. This is the most dangerous allowance as someone may be able to go through and mess up a lot of issues for example without having to account for changes.
4. Applied the Permissions Scheme and the Workflow Scheme to projects that are being supervised by that manager.

System admin materials preserved with options for management fulfilled.