I am having a little difficulty understanding when a person should configure JIRA permissions using groups and when they should use project roles. I have read the online documentation, however, the difference between the two seems subtle.
A group
seems simple enough. Group users into a named bucket. Assign the group
to one or more permissions within a permission scheme
to enable access to functionality for any users within the group. Assign the permission scheme
to a project
to apply the permissions to that project
.
A project role
seems very similar. It does all of the above except that you can also add groups
to project roles
. It seems that a project role
also allows a project administrator to add their own users to a project instead of requiring a system administrator.
However, I am not sure how I can leverage this. Here is an example of what I want to achieve.
I think that the best way to accomplish this is to:
group
to which I add all of our employees.project roles
to which I add the appropriate clients.group
.However, it seems that I am not leveraging project role membership
. How does this come into play?
What is the best practice for using JIRA groups
and project roles
? What is the different between the two?
We are advising to work with roles as it has a couple of advantages
For instance you might have a workflow transition 'validated' which can only be executed by someone who is a tester.
You have the choice to add a transition condition 'user is in group tester' or 'user has the role tester'.
If you are working in an organisation where users have different roles in different projects, choosing the first transition condition (user is in group tester) will not work (or you would need a new workflow for each project)
The same applies for notifications.
You can configure a notification on the 'issue resolved' event, specifying that the 'users in group tester' get notified or 'users who have the role tester'.
When using roles, adding someone to a project is very simple - just check what role the person has in the project, add them in the project configuration (view members) and you are done. He will have the right permissions, get the right notifications ...
When you use roles for configuration, you don't need system administration rights to add someone to a project. The project lead will be able to add the user. No need to bother the system admin.
Looking at your description, I would have
This way you can use the same permission scheme for all projects. When adding a new project, you just need to add the client specific userid to the client role. When a new employee start, you add him to the employees group.
The day that you have a specific, ultra secret project, where only a couple of employees need to have access, you can remove the group 'employees' from the role 'employee' and add the specific users to the role.
Hope this helps
Francis
Historically, JIRA had groups first. Then roles came along and are the recommended way to control authorization in most cases.
~Matt
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With