eceive this error (error.no-permission) when trying to remove the Jira Software Application access u

@James Correll 

The error.no-permission you are receiving when trying to remove Jira Software Application access for a specific user, despite having Admin access, is most likely due to how that user is getting access to the application.

The most common cause is that the user is a member of a default group that is specifically configured to grant application access, and your current Admin permissions allow you to manage the user but not remove them from that core default group.

Key Things to Check and How to Fix It
You need to check if the user has a special role or is part of a non-editable group.

1. Check for the Organization Admin Role
Even with Site Admin or Product Admin access, you may not be able to modify the application access of a user who is an Organization Admin.

Action: In Atlassian Administration (admin.atlassian.com) under Directory → Users, check the user's details. If they have the Organization Admin role, you must first remove that role before you can manage their product access.

2. Check Group Membership
Users are typically granted access via group membership. If you try to remove access directly from the user's profile, but they are a member of a core access group, the change will fail with a permission error.

Action A (Check the Groups):

Go to the user's profile in Atlassian Administration.

Find the Groups tab and see if they are a member of the default group for Jira Software (e.g., jira-software-users or site-users).

Action B (Remove from Group):

Go to Directory → Groups.

Find the group that grants them access (e.g., jira-software-users).

Remove the user from this group. Removing the user from the group is often the successful way to strip their product license.

3. Check for Group Access Control
In some instances, especially when using an Identity Provider (IdP) for user provisioning (like SCIM integration with Azure AD or Okta), the ability to change group membership is delegated to the external system.

Action: If your organization uses an external identity provider, you must remove the user from the relevant group within the external system (e.g., remove them from the "Jira Software Users" group in Azure AD). Changes made directly in Atlassian Administration will be blocked or overwritten.

Since the user has never signed in, it is highly likely that they were provisioned and given access via a group synced from an external source or a default invitation setting.

The most direct solution is typically to remove the user from the group that grants the Jira Software application access.

Hi @James Correll ,

Just a note first > this is a public forum, so just keep this in mind when sharing confidential or personal data ⚠️

Now, for the issue itself... It might be the case that the user's access to Jira is being granted through a group that you don't have permissions to modify 👀 Or through a provisioned group managed by your IdP (such as via SCIM).

I'd recommend taking a look at which groups the user is in and which groups are granting the user access to Jira.

Also, here's a link to official Atlassian Support where you can raise a support ticket and the support team will guide you on how to troubleshoot this: Atlassian Support 

Cheers,
Tobi