exactly.

if you wanna read more bout that topic check this KB

https://confluence.atlassian.com/display/JIRA/Managing+Project+Permissions

(In fact, I forgot - I'm a system admin. I can NOT create sprints in 797 of our 800 projects - only the Jira and Confluence ones...)

Nic so i am. i guess your default permission scheme doesn't include jira-system-administrators in the Admin role right?

i did a similar setup to avoid seeing and reveiving unwanted jira content/notifications :)

Dead right - I look after their system, not their data! I always try to work with a system-admin account that has minimal groups and roles, so that when someone says "I can't do X", I can work with an account that probably replicates the behaviour. (Plus, I honestly don't have the time or energy to worry about the 480,000 issues that aren't directly affecting me...)

At least nics answer should be the one to accept instead of your own....

Try it with one permission scheme first, there's no need to plough through all of them if you then find out it's not really going to be right for you.

Yes. Remove them from the jira-administrator group. They don't need it.

The best way to do all of this is to change your permission schemes. I usually start from:

Create a new "role", called something like "project admin"

Change *every* permission scheme you have - on the line that says "project administration", add "role: project admin", and remove all the others.

It's often a good idea to include "project lead" in the "project administration" line, but that's up to you.

(At this point, consider leaving jira-administrators on that line - it might be appropriate for the way your organisation works, but if you remove it, there's nothing to stop your admins temporarily adding themselves if they need to)

For each project, add the relevant users to the role of "project admin".