Users and permissions

What are users and groups?

In Jira, a user is any individual who can log into your Jira instance and counts towards your Jira license. A group refers to a collection of users who share the same global permissions. Using groups is an easy, convenient way of managing a collection of users when multiple users in your organization need the same permissions or restrictions.

Two groups are automatically created when you install Jira for the first time: jira-administrators and jira-software-users. Additional groups can be created by the Jira administrator.

jira-administrators

Typically contains people who are Jira system administrators. By default, this group:

  • is a member of the 'Administrators' space role.
  • has the 'Jira Administrators' and the 'Jira System Administrators' global permissions. 

jira-users

Typically contains every Jira user in your system. By default, this group:

  • is a member of the 'Users' space role.
  • has the 'Jira Users' and 'Bulk Change' global permissions.

What are permissions and permissions schemes?

Permissions are settings that control what users can see and do within Jira. For example, some permissions dictate whether users can create new spaces and whether a user can see a specific type of comment on a work item.

A permission scheme refers to the varying combinations of permissions granted to groups, space roles, and users on a per-space basis. In many organizations, multiple spaces have the same needs regarding access rights. For example, only the specified space team may be authorized to assign and work on work items.

Every space has a permission scheme. One permission scheme can be associated with multiple spaces. Permission schemes are copied from space to space to prevent having to set up permissions individually for every space.


What types of permissions exist?

There are three types of permissions in Jira applications: global permissions, space permissions, and work item permissions.

  1. Global permissions are system wide and are granted to groups of users.
  2. Space permissions are created within permission schemes, which are then assigned to specific spaces.
  3. Work item permissions are created within permission schemes, which are then assigned to specific spaces.

Global Permissions

Global permissions refer to what users can do system-wide, such as whether users can see the other users in the application. These apply to applications as a whole, not individual spaces. Global permissions are granted to groups of users and can be set by a user with the Jira system administrator permission or a user in a group with Jira administrator access.

Some examples of global permissions include:

Jira system administrators (Server only)
Permission to perform all Jira administration functions.

Jira administrators
Permission to perform most Jira administration functions.

Jira users
Permission to log in to Jira.

Browse users
Permission to view a list of all Jira user names and group names. Used for selecting users/groups in popup screens. Enables auto-completion of user names in most 'User Picker' menus and popups.

Make bulk changes
Modify collections of work items at once, including these operations:

  • Bulk edit
  • Bulk move
  • Bulk workflow transition
  • Bulk delete

Please note: People who have the Jira System Administrators permission can perform all of the administration functions in Jira, while people who have only the Jira Administrators permission cannot perform functions which could affect the application environment or network.

Space Permissions

Space permissions refer to what users can do in a space. Space permissions are first created within permission schemes, which are then assigned to specific spaces.

Please note: Space admins cannot customize the permission schemes for a space. These permissions can be set by a user with the Jira System administrator permission or a user in a group with administrator access.

Some examples of space permissions include:

Administer spaces
Permission to administer a space in Jira. This includes the ability to edit space role membership, space components, space versions, and some space details ('Space Name', 'URL', 'Space Lead', 'Space Description').

Browse spaces
Permission to browse spaces, use the Work item Navigator, and view individual work items. Many other permissions are dependent on this permission, e.g. the 'Work On Work items' permission is only effective for users who also have the 'Browse Spaces' permission.

Manage sprints
Permission to perform the following sprint-related actions for all spaces in a board.

View workflow
Permission to view the space's 'read-only' workflow when viewing a work item.

Work item Permissions

Work item permissions refer to what users can do to a work item, within the bounds of the space’s permissions, and are organized into security schemes. These permissions can be set by a user with the Jira System administrator permission, a user in a group with admin access, or a space admin.

Some examples of work item permissions include:

Assign Work items
Permission to assign work items to users. Also allows autocompletion of users in the Assign Work item drop-down.

Assignable User
Permission to be assigned work items. (Note that this does not include the ability to assign work items; see the Assign Work items permission above.)

Close Work items
Permission to close work items.

Create Work items
Permission to create work items in the space.

Delete Work items
Permission to delete work items.

Edit Work items
Permission to edit work items (excluding the 'Due Date' field — see the Schedule Work items permission).

Link Work items
Permission to link work items together.


What are space roles?

Space roles are a flexible way to associate users and/or groups with particular functions and spaces. They are similar in concept to groups, with the main difference being that group membership is global whereas space role membership is space-specific. Additionally, group membership can only be altered by Jira administrators, whereas space role membership can be altered by space administrators. Jira administrators can create, edit, and/or delete space roles according to your organization’s needs.

Users are assigned space roles, and these roles are used in permission schemes to assign permissions to a user. These schemes are then leveraged by several spaces to administer their permissions.

[Figure: Mapping logic of assigning a user a project role in Jira Software]

Multiple users can be assigned to a role, but similarly, multiple roles can be assigned to a user.

[Figure: Assigning a user multiple project roles in Jira Software]

Consider the following use case: Your organization requires all software development work items to be tested by a Quality Assurance person before being closed.

  1. Create a space role called Quality Assurance.
  2. Create a permission scheme called Software Development and assign the 'Close Work item' permission to the Quality Assurance space role, meaning someone on the QA team has to inspect the work item and deem it ready for deployment.
  3. Associate the Software Development permission scheme with all software development spaces.
  4. For each software development space, add the appropriate Quality Assurance people to the Quality Assurance space role.
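
The use case above can be modeled in a few lines to show why one shared permission scheme gives different effective access in each space, which is what an access review has to account for. This is an added example, not Atlassian code or a Jira API: the space keys WEB and API, the user names, and the rule that every other permission requires 'Browse Spaces' (the page says many do) are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: group membership is global.
GROUPS = {"jira-users": {"alice", "bob", "carol"}}

@dataclass
class Scheme:
    name: str
    grants: dict  # permission -> set of ("user" | "group" | "role", name)

@dataclass
class Space:
    key: str
    scheme: Scheme  # every space has one permission scheme
    roles: dict = field(default_factory=dict)  # space role -> set of ("user" | "group", name)

def _matches(kind, name, user):
    if kind == "user":
        return name == user
    return kind == "group" and user in GROUPS.get(name, set())

def in_role(space, role, user):
    # Space role membership is looked up per space, never globally.
    return any(_matches(k, n, user) for k, n in space.roles.get(role, ()))

def has_permission(space, permission, user):
    # Raw grant from the space's scheme, via user, group or space role.
    for kind, name in space.scheme.grants.get(permission, ()):
        if kind == "role":
            if in_role(space, name, user):
                return True
        elif _matches(kind, name, user):
            return True
    return False

def can(space, permission, user):
    # Assumption: every other permission is effective only with 'Browse Spaces'.
    if permission != "Browse Spaces" and not has_permission(space, "Browse Spaces", user):
        return False
    return has_permission(space, permission, user)

def audit(spaces, permission, users):
    # Who effectively holds `permission` in each space.
    return {s.key: sorted(u for u in users if can(s, permission, u)) for s in spaces}

software_dev = Scheme("Software Development", {
    "Browse Spaces": {("group", "jira-users")},
    "Close Work items": {("role", "Quality Assurance")},
})
# One scheme, two spaces; 'dave' holds the role but is in no group.
WEB = Space("WEB", software_dev, {"Quality Assurance": {("user", "alice"), ("user", "dave")}})
API = Space("API", software_dev, {"Quality Assurance": {("user", "bob")}})
USERS = ["alice", "bob", "carol", "dave"]
```

Calling audit([WEB, API], "Close Work items", USERS) lists only alice for WEB and only bob for API; dave is granted the permission through the role in WEB but cannot use it because he lacks 'Browse Spaces'.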

In Jira, there are 3 default space roles: Administrators, Developers, and Users. 

Administrators
These users administer a given space in your Jira application. They can add new users or groups, and manage components and versions as well. A space administrator is someone who has the space-specific 'Administer Space' permission, but not necessarily the global 'Jira Administrator' permission.

Developers
These users work on work items in a given space. They can be work item assignees and can edit and log work on those work items.

Users
These users create work items in a given space. They can view and comment on the work items they raised.