How to restrict the project admin access for 'users& roles' section

Hi Greg-this is not the case. As the system admin,I will taking care of the user access.

I want to restrict  the access to "project admins"

Thanks Ollie for the link. However 'Administer projects' roles comes with below package of permissions. .

"Administer projects

Permission to administer a project in JIRA. This includes the ability to edit project role membership, project components, project versions, and some project details ('Project Name', 'URL', 'Project Lead', 'Project Description')." 

If I remove the administer projects role in the permission scheme , admins won't be able to modify the components/versions .

We have around 6000+  users in the environment. I want to revoke the admin access only  to 'user & roles' section.

Do you know any other way?

Ollie's description is correct, you cannot have partial admins.

You could do it by removing all roles from permissions, notifications and so-on, using only groups to grant access.  This will, of course, leave your administrators in group-maintenance hell, but that is effectively your goal.

Thanks,but still this is not solve my query.

If the user/particular group is not part of the administer role users won't be able to work on the versions and components also. There is no way I guess to choose the particular actions as part of the administer functionality.

There should have been proper management options for the administer roles actions.When we have 5K +active users in the organisation, some functionality matters.

It does solve your query - you just put the users who need to edit versions and components into a group granted "project administration".  The role itself is irrelevant.

One of the permissions is "administrate project", which you'll need to grant to groups to all allow the project admins to handle versions and components.

Delegating permissions more finely is something Atlassian have always had on the to-do list, and some of it is happening. 

Giving project admins the rights to versions, components and users was part of it, but they've not moved again until recently, where they get some access to fields and workflows as well.

Hi Nic-if you look at my query,problem is restriction on editing  the "user & roles section" alone. 

"Administer projects" comes with the below package , I cannot choose the particular action.

Permission to administer a project in JIRA. This includes the ability to edit project role membership, project components, project versions, and some project details ('Project Name', 'URL', 'Project Lead', 'Project Description')." 

Ahegde, if you look at the answers, you'll see Ollie confirms that there is no way to stop project administrators managing users and roles, but mine tell you the way to make the roles irrelevant so that it does not matter if the project admins do anything with them.

We got some security issues in our case,so we found out only to avoid this situation is by filtering the administer permission. 

If there is no way,then we can drop the matter here.At least in the future  Atlassian team should consider the fine tuning of the permission schemes .

Thank you for all your answers

I'm not sure how security issues might affect this (I am curious as to why it is a security problem to have access to maintain roles when they have been configured to have no effect)

Also, one thing I completely forgot to mention - if you do decide to go the route of group based access, then make all the permission changes for that, and when you're happy with it, make another change.  Go to admin -> Project Roles and simply delete every role from the list

I have a feeling Jira might force you to keep at least one, but you could keep one called "This is a pointless role, do not use", just to be clear to your project admins.