Nested Role-Based Permissions

Patrick Wright
Contributor
January 28, 2025

I have been experimenting with permission schemes and project roles to help control access to projects on my Jira Cloud instance. My question is, does Jira support some sort of "permission nesting" (or is there an official way to emulate such behavior)?

For example, suppose I have the following 3 roles:

  • Viewer - Can only see a project and its issues
  • Developer - Viewer + Can create and edit issues
  • Administrator - Developer + Full control of project

In the permissions scheme, to implement Viewer, for example, I would grant the "Browse Projects" permission to the "Viewer" role.

However, does this mean I would need to explicitly grant the "Browse Projects" permission to the "Developer" and "Administrator" roles as well to implement my desired permission "nesting"?  Or is there a better way?

 

2 answers

1 accepted

1 vote
Answer accepted
Marc - Devoteam
Rising Star
January 28, 2025

Hi @Patrick Wright 

That depends.

You could grant browse permission to the viewer role and let's say edit permission to the developer role.

This would require you to provide a user that needs edit permissions to be granted both roles.

If you would grant browse permission to both roles and edit permission only to the developer role, you would only need to grant a user that needs to edit issues the developer role and not also the viewer role.

Best practice is the second option.

This requires you to grant people a single role, instead of multiple roles.

 

Patrick Wright
Contributor
January 30, 2025

It took a little effort to go through the permission scheme and grant permission explicitly for each role, but now that it's done, it's pretty simple and self-explanatory to see what permissions a user/group is granted (by role) for a given project.

I ended up with the following roles:

  • Viewer - Can only see a project and its issues
  • User - Viewer + Can add issues to the project
  • Developer - User + Can be assigned to issues and work on them
  • Product Owner - User + ...
  • Scrum Master - Developer + Can manage sprints, archive items, etc...
  • Administrator - Full access to project
1 vote
Dave Mathijs
Community Champion
January 28, 2025

Hi @Patrick Wright 

The Browse Projects permission is a so-called "standalone permission" and a pre-requisite for almost any other permission in a permission scheme. It controls who has access to a project, and consequently who has access to individual issues in that project.

It’s incredibly powerful; if you can't browse projects, you can't see issues. If you can’t see an issue, of course, you can’t edit, transition, comment or do anything with it.

Restricting the Browse Projects permission will influence what users will see on dashboards and in filters, and the email notifications that they receive.

This means that when you're configuring permission schemes or troubleshooting permissions, or the visibility or notifications from issues, you must always consider the Browse Project permission.

⚠️ The Browse Project permission may make project details visible to all users in directories and while searching Jira.

There’s a known issue when granting a User custom field value, Reporter, Current assignee, or Group custom field value the Browse Project permission. In these cases, a project becomes visible to any logged in user on your Jira site.
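
As an added illustration (not part of the thread and not Atlassian tooling): since a permission scheme has no nesting, this sketch expands a role hierarchy into the explicit per-role grants both answers describe, then audits a scheme for missing grants and for Browse Projects grants to the holder types named in the known issue. The role-to-permission mapping, the holder-type labels and the sample scheme are constructed assumptions.

```python
# Constructed model: role -> (parent role, permissions it adds on top).
# Role names come from the thread; the permission mapping is an assumption.
ROLES = {
    "Viewer": (None, {"BROWSE_PROJECTS"}),
    "Developer": ("Viewer", {"CREATE_ISSUES", "EDIT_ISSUES"}),
    "Administrator": ("Developer", {"ADMINISTER_PROJECTS"}),
}

# Holder types the thread warns about for Browse Projects (labels constructed).
RISKY_BROWSE_HOLDERS = {"reporter", "assignee", "userCustomField", "groupCustomField"}


def flatten(roles):
    """Expand the hierarchy into the explicit grants each role needs."""
    flat = {}

    def resolve(name, seen=()):
        if name in seen:
            raise ValueError(f"cycle in role hierarchy at {name}")
        if name not in flat:
            parent, own = roles[name]
            inherited = resolve(parent, seen + (name,)) if parent else set()
            flat[name] = set(own) | inherited
        return flat[name]

    for name in roles:
        resolve(name)
    return flat


def audit(grants, flat):
    """grants: (holder_type, holder_name, permission) tuples as configured.
    Returns (missing role grants, risky Browse Projects holders)."""
    have = {(h, p) for t, h, p in grants if t == "projectRole"}
    missing = sorted((r, p) for r, perms in flat.items()
                     for p in perms if (r, p) not in have)
    risky = sorted((t, h) for t, h, p in grants
                   if p == "BROWSE_PROJECTS" and t in RISKY_BROWSE_HOLDERS)
    return missing, risky


# Constructed scheme: only each role's own additions were granted.
SCHEME = [
    ("projectRole", "Viewer", "BROWSE_PROJECTS"),
    ("projectRole", "Developer", "CREATE_ISSUES"),
    ("projectRole", "Developer", "EDIT_ISSUES"),
    ("projectRole", "Administrator", "ADMINISTER_PROJECTS"),
    ("reporter", "", "BROWSE_PROJECTS"),
]
```

Running `audit(SCHEME, flatten(ROLES))` lists the grants that still have to be added by hand so that one role per user is enough, plus any Browse Projects grant worth reviewing.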

Deployment type: Cloud
Product plan: Premium
Permissions level: Product Admin