This question relates to Jira Cloud.
There is a map graphic in the documentation "Jira Permissions Made Simple" that shows a one-to-one relationship between a Project Role and a Permission Scheme; there is also a one-to-one relationship between a Project and a Permission Scheme: a project can have only one Permission Scheme.
When setting up "External Users", like customers, in order to limit their access, you are required to link a Project Role, "Customers", to a different Permissions Scheme and remove them from "jira-software-users". That approach seems to suggest that a custom Project Role points to the custom Permission Scheme and not the Permission Scheme associated with the project. This seems to contradict the map in "Jira Permissions Made Simple" I reference above.
What am I missing? What is the relationship between Users, Groups, Project Roles, and Permissions?
I wouldn't say there is a one-to-one relationship between a Project Role and a Permission Scheme.
My understanding is:
The Permission Scheme defines what the user should be allowed to do. The user can have the permission through a Role or through a Group he is a member of. You can mix it up. We prefer to work with groups, because in this way we are more flexible.
Basic example:
Project_A, Role Developer is shared with Group_A
User_A1 and User_A2 are in Group_A
Acc. to Permission_Scheme_A both users are allowed to work on Project_A
User_A1 is also in Group_S. This group is not listed in the Project but is listed in Permission_Scheme_A and defines who is allowed to change the Security Level.
In Group_S there is also User_B, but User_B is not a member of Group_A, so he is not allowed to see and work on Project_A.
Summarising: You can combine Roles and Groups and define the permissions in the Permission Scheme. BTW: if you use groups to define permissions, you can also use them in workflows.
I hope this was a little bit helpful.
Thanks, Jose, your comment is helpful and clears things up a bit.
For clarity, I'll extend your example a bit:
Let's say that in addition to Project_A there is a Project_B and Group_A with User_A1 and User_A2; Group_A is assigned to Project_B and Project_A. If User_B, who is only assigned to Group_S, is assigned to Project_B, then he could not see Project_A.
Assuming that the extension proposed is right (I'm uncertain), I should be able to set up an Internal Group (Group_A) of my internal developers, and a series of External groups consisting of customers from different companies. That approach should allow all of my internal developers to see all projects (since they are working on all of them), but external customers would only see projects where they are specifically included in that project's (edited) Permissions Scheme, right?
That is correct, yes.
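The resolution described in this thread, written out as a small model. This is an added example, not part of any post above and not Jira's implementation or API. The permission names, Project_B sharing Permission_Scheme_A, and User_B being placed directly in Project_B's Developer role are assumptions made for illustration.

```python
# Added illustration: a simplified model of scheme -> holder -> user resolution.
GROUPS = {  # group -> members, constructed from the thread's example
    "Group_A": {"User_A1", "User_A2"},
    "Group_S": {"User_A1", "User_B"},
}
# A scheme maps each permission to the holders (roles, groups, users) it is granted to.
SCHEMES = {
    "Permission_Scheme_A": {
        "BROWSE_PROJECTS": [("role", "Developer")],       # assumed permission name
        "SET_ISSUE_SECURITY": [("group", "Group_S")],     # assumed permission name
    },
}
# Each project points at exactly one scheme; role membership is set per project.
PROJECTS = {
    "Project_A": {"scheme": "Permission_Scheme_A",
                  "roles": {"Developer": [("group", "Group_A")]}},
    "Project_B": {"scheme": "Permission_Scheme_A",       # assumed: same scheme reused
                  "roles": {"Developer": [("group", "Group_A"),
                                          ("user", "User_B")]}},
}

def in_holder(user, holder, project):
    """True if the user is covered by a holder, evaluated in this project."""
    kind, name = holder
    if kind == "user":
        return user == name
    if kind == "group":
        return user in GROUPS.get(name, set())
    if kind == "role":
        # The role name is shared, but its members come from the project itself.
        members = PROJECTS[project]["roles"].get(name, [])
        return any(in_holder(user, m, project) for m in members)
    raise ValueError(f"unknown holder type: {kind}")

def has_permission(user, project, permission):
    """Look up the project's single scheme, then test each holder of the grant."""
    scheme = SCHEMES[PROJECTS[project]["scheme"]]
    return any(in_holder(user, h, project) for h in scheme.get(permission, []))

def visible_projects(user):
    return sorted(p for p in PROJECTS
                  if has_permission(user, p, "BROWSE_PROJECTS"))

if __name__ == "__main__":
    for u in ("User_A1", "User_A2", "User_B"):
        print(u, visible_projects(u))
```

One scheme can serve both projects because the grant goes to the role, while who holds that role is decided separately in each project.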