Is there some kind of Reply time-out on this board ?  Because if we are working on a reply for a long time, then when we select the "Reply" button, the reply will not post.  We have to copy-paste our reply and all formatting is lost. This is getting extremely annoying since it is requiring double-work and extra time that we do not have.

Thanks Sam. We really do appreciate your explanations, but have additional questions.  There are also some statements below that hopefully Atlassian Staff will see.

3 of us are sitting here and scratching our heads because in the documentation, it states that Administrators are a Group.  See first sentence on this page:

https://confluence.atlassian.com/adminjiracloud/managing-global-permissions-776636359.html

However, on this page it states that JIRA administrators are project roles (the language can be interpreted various ways):

https://confluence.atlassian.com/adminjiracloud/managing-project-roles-776636382.html

The documentation explanations are not clear and getting lucid answers is taking up an atrocious amount of our time - time that we don't have since we are a very busy small team.  It is for this very reason that we very quickly dumped Team Services.

The documentation is using vague, inconsistent or otherwise unclear language.  For example, only now do we see that a jira-administrator is a Role whereas an administrator is a Group in the above images of the pertinent sections of the web application.  From our perspective, the documentation is not WYRIWYG.

Also, we are trying to find in the documentation an explicit explanation of the difference between "Administrators" and "administrators." In the JIRA Cloud documentation, the terminology used is JIRA System Administrator, JIRA Administrator, Project administrator and Board administrator.

Quite frankly, the JIRA Cloud documentation is a convulted mess since what we read does not always exactly correspond to the actual web application.

There is no table that explicitly shows the different Administrators and compares their default permissions ?

If a user is assigned to the "administrators" Group, must they also be assigned a Project role ?

If we assign the "administrators" Group to the Administrator's Role, will this allow the "administrator" to delete ?

So Projects are permssion scheme based (which is exactly what we do NOT want to deal with) with no way to set a base set of permissions for all Projects ?

Hi HJLBX - Sorry about the slow reply. Missed your response and am busy too! But I'll do my best to help you now.

Firstly, yes - if you spend too much time writing a reply on this board it does seem to 'timeout'. Pretty annoying when coupled with the formatting loss on copy/paste. Both issues have been fed back to Atlassian by several people. Take a look at the feedback forum to see what people are saying and add your feedback in there if you want - it helps make this community better.

Secondly, I agree that the documentation on this is difficult to follow. I'd urge you to feedback to Atlassian on this (in your Cloud instance, click the bullhorn icon in the top menu bar).

Thirdly, I'll try to hep you on the docs and other questions in some further replies below...

"3 of us are sitting here and scratching our heads because in the documentation, it states that Administrators are a Group.  See first sentence on this page:

https://confluence.atlassian.com/adminjiracloud/managing-global-permissions-776636359.html"

Do you mean this sentance: "Global permissions are system-wide and are granted to groups of users."?

This doesn't mean that the global permissions listed on that page are groups. It's saying that these are permissions that can be assigned to groups. It's up to you to choose which groups you want to give these permissions to.

In the list of global permissions, you'll see that there are two that give you access to the administration functions in JIRA:

1. The JIRA System Administrators permission 

2. The JIRA Administrators pemission

Neither of these are groups. They are permissions which you assign to a group (or groups).

A user who is in a group with one of these permissions will be able to see and use:

• the JIRA Administration menu (i.e. the cog in the top menu bar) which takes you into the JIRA application admin pages.
• an 'Admin' menu when viewing issues which has some useful admin functions
• the 'Project settings' page for any project

Take a look at the the Global Permissions in your instance to see which groups have these permissions.

(note that, in Cloud, you probably won't see the JIRA System Administrators one, because it is generally restricted on JIRA Cloud and is only applicable for JIRA Server. I don't know why the Global Permissions help page for Cloud mentions it. I assume because some instances may have it enabled).

By default, I think you'll find people the following groups will have the JIRA Administrators permission:

• site-admins
• administrators
• jira-administrators

The next thing to realise about JIRA Administrators and JIRA System Administrators global permissions is that they are not project permissions. Nor are they project roles.

The global permissions only grant the rights to administer and configure JIRA projects and settings. People with these permissions are generally refered to as 'JIRA adminstrators'.

In your question above, you said:

"However, on this page it states that JIRA administrators are project roles (the language can be interpreted various ways):

https://confluence.atlassian.com/adminjiracloud/managing-project-roles-776636382.html"

Did you mean this text?: "JIRA administrators define project roles — that is, all projects have the same project roles available to them"

This isn't saying that 'JIRA adminstrators' is a project role. It just saying that JIRA administrators (i.e. people with access to the admin menus) can edit the global, pre-defined list of project roles available to use throughout JIRA.

There is no table that explicitly shows the different Administrators and compares their default permissions?

Hopefully from the info above, it's now clear that:

• 'JIRA administrators' means people with the JIRA Administrators / JIRA System Administrators global permissions.
• Having these permissions doesn't grant any abiity to see or do stuff within projects. Just the ability to change the 'behind-the-scenes' project settings/configuration.

So, taking those out of the equation - where is the table that shows the default permissions that people have within projects?

Answer: It's in JIRA. Go to JIRA Administration > Issues > Permission schemes.

Here you'll find the default permission scheme that gets used for new projects.

If you look at that scheme, you see exactly who has each of the project-related permissions by default.

Unless you've edited the scheme, you'll probably see most permissions are granted to 'Any logged in user'. But a few, like the delete issues permission, are granted to Project Role: 'Adminstrators'.

So who gets the project role 'Adminstrators' by default?

To check go to JIRA Administration > System > Project Roles.

FInd the project role with name 'Adminstrators' and, in the 'Actions' menu on the right click Manage Default Members.

This will show which groups get given this role in a project when it is created. I think you'll see just the 'jira-administrators' group here.

If a user is assigned to the "administrators" Group, must they also be assigned a Project role ?

It depends what you want them to be able to do in a particular project or projects. Let me know if there is something specific and I'll try to help.

If we assign the "administrators" Group to the Administrator's Role, will this allow the "administrator" to delete?

Yes - assuming your project uses the default permission scheme, which has the 'Delete Issues' permission granted to the 'Administrators' role.

To change existing projects, you'll need to do this using 'Users and Roles' from within the project settings.

If you want this to happen in all new projects created in future, you can use JIRA Administration > System > Project Roles > Manage Default Members.

Another opton is to simply grant the 'Delete' issues permission directly to the 'administrators' group, then they don't have to hold any particaular project role to be able to delete issues.

So Projects are permssion scheme based (which is exactly what we do NOT want to deal with) with no way to set a base set of permissions for all Projects ?

Actually, this is exactly what you want. You can set up one permission scheme which defines the permissions you want, and apply it to all projects.

The permissions can be:

• project role based* (meaning the same user or group can take different roles in different projects)
• group based
• individual user based
• a combination of all the above and much more

It's a hugely powerful and configurable set-up which covers a massive range of use cases.

If you are a visual thinker, there's a decent diagram here which shows how a user can be granted permisions: https://confluence.atlassian.com/adminjiracloud/configuring-permissions-776636357.html

* The advantage of using project role based permissions is that your JIRA Admin(s) can delegate the maintenance of user role membership to someone with the 'Administer projects' permission.

Oh. One more thing... here is the page from the Atlassian Cloud doc which attempts to describe the default permissions that each group gets on new Cloud instances.

https://confluence.atlassian.com/cloud/manage-groups-744721627.html

Sadly, it's out of date, I think.

To be fair it does have a disclaimer "Depending on when you created your site, there might be slight differences in the default groups that exist in your instance.", but in my instance:

• There is no 'jira-developers' group 
• The 'administrators' group is not a member of the 'Administrators' project role by default
• However, there is a 'jira-administrators' group which is a member of the 'Administrators' project role.

Anyway, I hope this all helps a bit.

I might try to get Atlassian to update the docs if I have a moment, but have no idea if I can!

Thanks Sam for th extensive explanation.  We will study it and with your explanations should eventually be able to sort it all out.

Just never enough hours in the day...