Our permission schemes are not scaling and I am creating a default permission scheme and have set up roles, but do I need to set up a group? and add roles to that group? It's not clear to me whether you set up groups first, then roles.
Hi Lauren,
They can work in conjunction with each other, or not at all.
The advantage of using Roles in your permission scheme to grant permissions is that it allows the project administrators to add or remove users and groups from these roles.
Of course if you don't want them doing this (perhaps in a corporate environment with strict access contols) this is a negative and you may want to grant permissions to groups in the permission scheme so that only Jira Administrators can manage permissions.
Assuming you go the roles route, the project administrators then can use groups in the roles, but if it's the same as server, the project admins can't actually see who is in those groups. They may prefer to grant access to individual users for visibility.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Best rule for any management: Delegate everything as far down the hierarchy, as you can. Conclusion from this: Project Roles far better then Groups. Project Admin is more informed who needs what, and can avoid system wide routes. One can bet - SysAdmin VERY BUSY RIGHT NOW - was, is and will.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I usually use project roles in permission schemes, but I do add the jira-administrators group to the Administrators permission. That way project admins cannot remove Jira admins from administering projects
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.