Well about your question I found a schema that may explain your question. And I think it's made that way to grant full customization of projects and groups. Hope it helps.

You don't need to update Permission Schemes as much but more on a role level then Project Admins can enable groups/users on the roles.

Ok, I see how that would work.  But what's not clear to me is why that is a superior method than just using the groups directly in the permission scheme.  Can someone explain it?

You populate the Project user and roles with needed groups and then the permission scheme is based on these roles.

Group TeamA is role Developer in Project A

Permission Scheme Development give Role Developer all needed access.

Just adding my five cents to the discussion.

It's strange, I went back to check again and I can now find the groups I want on the permission page.  I'm not sure why I couldn't find the groups I wanted to add when I tried the other day - it was probably just user error.  Thanks for confirming it should work.

They still don't appear to share dashboards with unless I'm a member.  These aren't globally defined dashboards, they are team dashboards.  But experience shows that some teams struggle to set up the dashboards they need.  So I help by setting them up as a one off and then leave them to use them.  Sometimes teams don't use them very much, but other teams are very grateful for the dashboards I've set up.

I'm not sure what you mean when you say "it doesn't scale".  Could you elaborate?  I would like to ensure our instance is set up in the best way possible.  I also don't understand why it's better to use roles rather than groups in permission schemes.  I've already explained that this is quite impractical for the way our instance is set up as each new user typical needs to access many projects.

Where doesn't it work?  I can add any group I want to a permission scheme, and I'm only in the admin group and one other.  (Although I rarely do, because we should always use roles in permission schemes).

I think you should look at the way you're handling users too - from experience, a) it doesn't scale and b) globally defined dashboards have a nasty habit of being totally unused because they're not relevant.

Well it doesn't work.  If I'm not in the group it doesn't appear on the list of groups to grant permission to.  As soon as I add myself to the group it does.

Role members have to be added individually for each project whereas I can add people to groups and have them take effect across multiple projects so it's much easier to manage this way.  We perhaps don't use JIRA in a typical way because each team needs access to multiple projects.

I'm not sure it's a relevant question as to why I want to create dashboards for other people.  The fact of the matter is that I do, and I can't seem to find a way to do this.

Um, you don't need to be in a group to grant that group permissions in the permission scheme (although you should really do that by having a permission scheme that uses roles instead, then you put the users and groups into the roles)

Do you mean that you don't have permission to share boards and filters with other people?  The question there is why you're doing it for them, when you're not going to be involved in the project any more.

As I say, I frequently set up projects for other teams.  Once the project is in use, I don't need to be able to see it so I want to be able to give people permissions which I don't, myself want or need.

Or take another real example.  I have two Projects, let's call them X and Y.  Project X needs to be restricted to those in Group A, which includes myself.  Project Y needs to be accessed by those in Group A but also some extra people who are in Group B.  I'm not a member of Group B so I can't add them to the permissions in project Y even though I do actually have that permission myself via Group A.  The workaround is to create a master group containing both A and B but since you can't nest groups this creates a maintenance burden as if someone gets added to Group A they need to be added to multiple places.

I don't think I fully understand your situation yet. I don't see a reason why you should be able to configure a group in any context that exist in the instance without being a part of it.

Is there any non-standard setup from Atlassians recommendation done in your user management?

Yes, that's exactly what I mean. I want to be able to give a group permission view a certain project without me being in that group.

The same thing happens with sharing dashboards and filters.  I can only share with groups I'm a member which is frustrating.

I don't fully understand what you mean. If your administrator you should be able to reach the most projects from the /secure/project/ViewProjects.jspa view despite their settings towards you.

Do you mean that you can add a group to permissions without you being in that group?