Hi,
I am configuring a Jira system and am just wondering what is considered best practice for configuring permissions schemes and then project permissions. My plan is to create a permission scheme where all permissions are assigned to project roles. However, I'm pondering how to handle the case where permissions are layered, such that, for example, a Developer can do everything a User can plus a bit more. It seems there are two options:
1) Assign the same permissions to multiple roles (e.g. Developers, Users and Admins can Browse Project) then each user/group is a single role in a projcet
2) Assign each permission to the role level that gets that, then configure users and groups to multiple roles (e.g. Developer is the permission layer than starts to get Assignable User) and then each user/group in the project can be assigned to multiple roles (e.g. GroupA is a User and a Developer).
I'm thinking number 1 is probably the way forward, but would appreciate any guidance/advise.
Thanks!
Ideally, you won't have to customize the permission scheme per project. All restrictions should initially be handled by Roles.
Roles > Permission > Workflow Conditions
Roles are often the best way to handle it as Project Administrators can do this as well.
Yeah, this is what I've done. I have one permission scheme, then each project configures the user/groups for each role.
The question is, given that most permission systems layer permissions where Users have a small set, Developers get some more then Admins get even more, there are two ways to do this:
1) Each permission in a permission scheme is assigned to each role individually that can do it (e.g. Browse Projects given to Users, Developers and Admins) then a user/group in a project is assigned a single role
2) Each permission in a permission scheme given to a single role and then users/groups in a project is allocated > 1 role.
I still think option 1 as it puts the repetition in a single place rather than each project.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.