This page describes the different types of permissions and access rights that can be set up in Jira applications.
You can't edit project permissions or roles on the Free plan for Jira Software or Jira Work Management, and you can't configure issue-level security on any Free plan (including Jira Service Management). Find out more about how project permissions work in Free plans. To take advantage of Jira's powerful project permission management features, upgrade your plan.
What are permissions?
Permissions are settings within Jira applications that control what users within those applications can see and do. All Jira applications allow a variety of permissions: from whether users can create new projects to whether a user can see a specific type of comment on an issue. These permissions can differ between applications.
Types of permissions
There are three types of permissions in Jira applications, and they range from the high-level to granular:
- Global permissions - These apply to applications as a whole, not individual projects (for example, whether users can see the other users in the application).
- Project permissions - Organized into permission schemes, these apply to projects (e.g. who can see the project's issues, create, edit and assign them). While project admins can assign users to a project, they can't customize the permission schemes for a project. There are lots of project-level permissions you can set to control what users can do within a project.
- Issue security permissions - Organized into security schemes, these allow the visibility of individual issues to be adjusted (within the bounds of the project's permissions). For example, issue security permissions can let you set up types of issues that can only be seen by project admins or users in specific groups.
How do permissions get assigned?
Permissions can be assigned to groups or to project roles/and or issue roles. This diagram illustrates how permissions are assigned to users:
Who can set permissions?
Permission | Can be set by | For more info, see... |
---|---|---|
Global permission | A user with the Jira System administrator permission A user in a group with Admin access | |
Project permission | A user with the Jira System administrator permission A user in a group with Admin access | |
Issue security permission | A user with the Jira System administrator permission A user in a group with Admin access A project admin |
Board permissions can be divided into two parts — board administration permissions and board usage permissions.
- Board administration permissions cover functionality for changing the configuration of a board. For example, changing columns, customizing cards, etc. Board administration can be assigned to groups or users. Learn more: Configuring a board
- Board usage permissions cover functionality for the usage of a board. For example, creating sprints, ranking issues, etc. Board usage permissions are derived from project permissions. This is described in more detail below.
Jira Software functions by permission
In the Jira Software documentation, most configuration options are described as being restricted to either Jira administrators, project administrators, or board administrators.
- A Jira administrator is a user with the Administer Jira global permission.
- A project administrator is a user with the Administer projects project permission for a particular project.
By default, the 'Administer projects' permission is assigned to the 'administrators' group (via the Administrators role) for projects.
Additionally, to perform sprint-related actions, users need the 'Manage sprints' permission for all projects in the origin board — the origin board being the board in which the sprint was originally created. - A board administrator is a user that has been added to the Administrators for a particular board.
By default, the administrator of a board includes the person who created it.
Board administration
Function / Functional area | Jira | Project admin | Board admin | Notes |
---|---|---|---|---|
Create board | If you create a board via Boards (in header) > Manage Board, you will not be able to share it, unless you have the 'Create Shared Objects' global permission. If you create the board via the methods below, you do not need the 'Create Shared Objects' global permission to share the board:
| |||
Simplify workflow | The board must meet other criteria as well (see Simplified Workflow) | |||
Add status | Project must be currently using the Simplified Workflow. You need to be a Jira admin or board admin (to view the board configuration). In addition, you need to be a project admin for the one project that is on the board. | |||
Remove status | Project must be currently using the Simplified Workflow. You need to be a Jira admin or board admin (to view the board configuration). In addition, you need to be a project admin for the one project that is on the board. | |||
All other board configuration functions |
Board usage
Board usage permissions are derived from project permissions. Depending on the complexity of your board's filter query, you may need further consideration when configuring the 'Manage Sprints' permission for users. For more information on the impact of complex filters, and ways to simplify your filter query, see Using Manage Sprints permission for advanced cases.
Function | Permission Level | Notes |
---|---|---|
Backlog — Sprints | ||
Move sprint footer | Manage Sprints permission (for all projects in the board) Schedule Issues permission and Edit Issues permission | |
Move issue (reorder/rank) | Schedule Issues permission and Edit Issues permission | Not required if you only move issues across the sprint footer without changing the order of the issues |
Start sprint | Manage Sprints permission (for all projects in the board) | Similar permission to creating a Version. Board ownership does not play a role here. |
Create sprint | Manage Sprints permission (for all projects in the board) | This permission applies even if the sprint (that is to be started) does not include issues from all projects queried by the board. |
Edit sprint information | Manage Sprints permission (for all projects in the board) | Can only be done in the backlog |
Reorder sprint | Manage Sprints permission (for all projects in the board) | |
Delete sprint | Manage Sprints permission (for all projects in the board) | |
Add issue to sprint | Schedule Issues permission and Edit Issues permission | |
Active sprints — Sprints | ||
Add issue to sprint | Schedule Issues permission and Edit Issues permission | |
Complete sprint | Manage Sprints permission (for all projects in the board) | Can only be done in Active sprints |
Remove issue from sprint | Schedule Issues permission and Edit Issues permission | |
Backlog — Epics | ||
Create epic | Create Issues permission | |
Rename epic | Edit Issues permission | |
Rank epic | Schedule Issues permission | |
Add issue to epic | Edit Issues permission | |
Remove issue from epic | Edit Issues permission | |
Backlog — Versions | ||
Create version | Project Admin permission, or Jira Admin permission | |
Edit version | Project Admin permission, or Jira Admin permission | |
Add issue to version | Edit Issues permission | |
Remove issue from version | Edit Issues permission |
Jira Service Management global and project permissions
Jira Service Management provides a standard permission scheme (Jira Service Desk Permission scheme for project) that automatically gives your service project users the correct permissions for the project role they are in. For example, adding agents to your service project will add users to the Service Desk Team role. This role gives them access to Jira Service Management projects to which they're assigned and also allows them to work on issues.
Global permissions
At installation time, Jira Service Management creates a global permission named Jira Service Desk agent access. If agent based pricing is enabled for the instance, users who require access to agent views or functionality need to have this permission. The number of users who are granted this permission determines how many agent licenses are used on the system.
Project permissions
This table shows the permission configuration for a standard service project permission scheme:
Project Permissions | Users / Groups / Project roles | Explanation |
---|---|---|
Administer Projects | Project Role (Administrators) | Permission to administer a project. This includes the ability to edit project role membership, project components, project versions and certain project details (Project Name, URL, Project Lead, Project Description). |
Browse Projects | Permission to browse projects, use the Issue Navigator and view individual issues (except issues that have been restricted via issue security). Many other permissions are dependent on this permission, e.g. the 'Work On Issues' permission is only effective for users who also have the 'Browse Projects' permission. | |
View Development Tools | Permission to view the Development panel, which displays information from Bitbucket, GitHub, Fisheye, Crucible and Bamboo, if Jira Cloud is integrated with compatible versions of these applications. | |
View (Read-Only) Workflow | Permission to view the project's 'read-only' workflow when viewing an issue. This permission provides the 'View Workflow' link against the Status field of the 'View Issue' page. | |
Issue Permissions | Users / Groups / Project roles | Explanation |
Create Issues | Permission to create issues in the project. (Note that the Create Attachments permission is required in order to create attachments.) Includes the ability to create sub-tasks (if sub-tasks are enabled). | |
Edit Issues | Permission to edit issues (excluding the 'Due Date' field — see the Schedule Issues permission). Includes the ability to convert issues to sub-tasks and vice versa (if sub-tasks are enabled). Note that the Delete Issue permission is required in order to delete issues. The Edit Issue permission is usually given to any groups or project roles who have the Create Issue permission (perhaps the only exception to this is if you give everyone the ability to create issues — it may not be appropriate to give everyone the ability to edit too). Note that all edits are recorded in the issue change history for audit purposes. | |
Transition Issues | Permission to transition (change) the status of an issue. | |
Schedule Issues | Permission to schedule an issue — that is, to edit the 'Due Date' of an issue. In older versions of Jira this also controlled the permission to view the 'Due Date' of an issue. | |
Move Issues | Permission to move issues from one project to another, or from one workflow to another workflow within the same project. Note that a user can only move issues to a project for which they have Create Issue permission. | |
Assign Issues | Permission to assign issues to users. Also allows autocompletion of users in the Assign Issue drop-down. (See also Assignable User permission below) | |
Assignable User | Permission to be assigned issues. (Note that this does not include the ability to assign issues; see Assign Issue permission). | |
Resolve Issues | Permission to resolve and reopen issues. This also includes the ability to set the 'Fix For version' field for issues. Also see the Close Issues permission. | |
Close Issues | Permission to close issues. (This permission is useful where, for example, developers resolve issues and testers close them). Also see the Resolve Issues permission. | |
Modify Reporter | Permission to modify the 'Reporter' of an issue. This allows a user to create issues 'on behalf of' someone else. This permission should generally only be granted to administrators. | |
Delete Issues | Permission to delete issues. Think carefully about which groups or project roles you assign this permission to; usually it will only be given to administrators. Note that deleting an issue will delete all of its comments and attachments, even if the user does not have the Delete Comments or Delete Attachments permissions. However, the Delete Issues permission does not include the ability to delete individual comments or attachments. | |
Link Issues | Permission to link issues together. (Only relevant if Issue Linking is enabled). | |
Set Issue Security | Permission to set the security level on an issue to control who can access the issue. Only relevant if issue security has been enabled. | |
Voters & Watchers Permissions | Users / Groups / Project Roles | Explanation |
View Voters and Watchers | Permission to view the voter list and watcher list of an issue. Also, see the Manage Watcher List permission. | |
Manage Watcher List | Permission to manage (i.e. view/add/remove users to/from) the watcher list of an issue. | |
Comments Permissions | Explanation | |
Add Comments | Permission to add comments to issues. Note that this does not include the ability to edit or delete comments. | |
Edit All Comments | Permission to edit any comments, regardless of who added them. | |
Edit Own Comments | Permission to edit comments that were added by the user. | |
Delete All Comments | Permission to delete any comments, regardless of who added them. | |
Delete Own Comments | Permission to delete comments that were added by the user. | |
Attachments Permissions | Users / Groups / Project Roles | Explanation |
Create Attachments | Permission to attach files to an issue. (Only relevant if attachments are enabled). Note that this does not include the ability to delete attachments. | |
Delete All Attachments | Permission to delete any attachments, regardless of who added them. | |
Delete Own Attachments | Permission to delete attachments that were added by the user. | |
Time Tracking Permissions | Users / Groups / Project Roles | Explanation |
Work On Issues | Permission to log work against an issue, i.e. create a worklog entry. (Only relevant if Time Tracking is enabled). | |
Edit Own Worklogs | Permission to edit worklog entries that were added by the user. (Only relevant if Time Tracking is enabled). Also, see the Work On Issues permission. | |
Edit All Worklogs | Permission to edit any worklog entries, regardless of who added them. (Only relevant if Time Tracking is enabled). Also, see the Work On Issues permission. | |
Delete Own Worklogs | Permission to delete worklog entries that were added by the user. (Only relevant if Time Tracking is enabled). Also, see the Work On Issues permission. | |
Delete All Worklogs | Permission to delete any worklog entries, regardless of who added them. (Only relevant if Time Tracking is enabled). Also, see the Work On Issues permission. |
Using custom permission schemes
If you are a Jira administrator and you want to customize the standard permission scheme, make sure that the roles have the mandatory permissions. See Customizing JIRA Service Desk permissions.
Resolving permission scheme errors
If you encounter any error messages related to your service desk's permission scheme, check out Resolving service desk project permission errors.