• Documentation

Types of permissions in Jira

Jira has several layers of access controls that admins can use to restrict access and capabilities.

Restrict access across Jira

At the highest level, Jira admins can control access to their site and non-space-specific capabilities using global permissions. These permissions apply across the entirety of your site, and include such actions as the ability to:

  • create new spaces

  • make changes to multiple work items at one time, and

  • share dashboards and filters

These permissions can be granted to groups created by your Organization admin. More about managing groups

If you’re an Organization admin or a Site admin, you’ll need to add yourself to the jira-administrators group. More about administration roles outside Jira

More about granting permissions across Jira

Restrict access at the space level with permission schemes

Spacepermission schemes, space roles, and work item security schemes aren’t available on Free Jira sites. More about Free plans

What users can do in a space is handled by a separate and more granular set of permissions, which are managed using permission schemes. These permissions determine whether users can:

  • make changes to a space configuration

  • create new work items

  • add or remove comments on work items

More about permission schemes

These schemes, which can be shared by multiple spaces, grant space permissions to groups that your organization admin has created, individual users, or to users who hold a specific role within a space – also called space roles. By using space roles instead of explicitly-defined users, Jira admins can use the same schemes across multiple spaces without needing to constantly update them. In more practical terms, this empowers Space admins to grant permissions to team members in the space they work without requiring help from a Jira admin. More about space roles

If you want to hide an entire space that contains sensitive information, you can create data classification levels which Space admins can be applied to an entire space in Jira Cloud or in Jira Service Management.

Restrict access at the work item-level

Lastly, Jira admins can add restrictions to individual work items using workflows and work item security schemes.

Workflows

Using workflows, admins can limit what users can do on specific work items to:

  • limit users' access while work is in a specific status

  • restrict changes to a work item based on its status

  • block work from progressing to a new status until it meets acceptance criteria

By these powers combined, Jira admins can systemically align Jira with their organization’s ways of working. More about space workflows

Work item security schemes

Jira admins can use work item security schemes to restrict the visibility of individual work items within an otherwise accessible space. Once configured, a work item security scheme hides work items from public view, save for users who have permission to view sensitive information. This is applied independently from space permissions. More about work item security schemes

 

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageRestrict access across JiraRestrict access at the space level with permission schemesRestrict access at the work item-levelWorkflowsWork item security schemes
CommunityQuestions, discussions, and articles