The difference between Jira groups and Jira roles (and how to manage them)

Managing user access and permissions is an essential part of any Jira implementation. In this article, we explore the three key components of Jira permission and access management: groups, roles, and permission schemes.

What are Jira groups?

Jira groups are a powerful tool for organizing and managing users within a Jira instance. They can be based on a user's role, team, department, or any other criteria that makes sense for your team. 

When should Jira groups be used?

You typically use  Jira groups when you want to grant the same set of permissions to a group of users based on shared characteristics. This is especially useful when you have a large number of users, and want to manage their access to different parts of Jira. 

There are four typical scenarios where you might use Jira groups:

1. Project-based: You create a Jira group for all users working on a specific project. You grant them access to create, edit, and resolve issues related to that project.
2. Role-based: You create a Jira group for all users who have a particular role within the organization, and grant them specific permissions based on their role (developers, testers, admins). 
3. Department-based: You create a Jira group for all the users who work in a particular department (like marketing, for example), and grant them access to the Jira projects and issues relevant to their department.
4. Custom: You create Jira groups based on other criteria like geographic location, customer segment, product line, and so on, in order to tailor access and permissions based on unique needs. 

Jira groups ensure that users are given the appropriate level of access to Jira resources, while also making it easier for you to manage permissions across multiple users at once.

How to create a group in Jira Cloud

Here’s how to create a group in Jira Cloud. (NOTE: You’ll need admin access to your Jira instance.) 

1. Log in to Jira as an admin.
2. Click on "Settings" in the top right corner, then select "User management."
3. Select “Groups” in the left-hand menu.
4. Click on the "Create group" button in the top right corner.
5. Enter a name and description. (Make sure the name is unique.)
6. Click on the "Create" button to save your new Jira group.

What are Jira roles?

A Jira role is a predefined set of permissions assigned to a user or group in Jira; it defines what a user or group can do. A Jira role includes things like creating or editing issues, managing configurations, or running reports. Jira project roles were created to help you organize and manage the different types of users involved in a project. Different Jira roles will have different sets of permissions and responsibilities.

Everything to know about Jira bulk edits

Jira groups vs. Jira roles

You use groups to organize users into logical categories, but Jira roles are used to define what each group or user can do in Jira. In other words, use groups to manage user access, use roles to manage user permissions.

What are the different default roles in Jira?

Users can have different Jira roles, and responsibilities or permissions vary with each role. You can customize or combine these roles to suit your organization or a specific project. 

Here are the default Jira project roles:

1. Administrator — is the most powerful role in Jira; can access all Jira features and manage users, groups, and permissions.
2. Project Manager — manages one or more projects in Jira; can create and manage project boards, workflows, and issues.
3. Developer — develops code for the project; can create and edit issues, view project boards, and collaborate with other team members.
4. Reporter — reports bugs and issues within the project; can create and edit issues, and comment on issues assigned to them.
5. Assignee — works on issues assigned to them; can update the status of issues, add comments, and collaborate with other team members.
6. Viewer — views project boards and issues, but cannot make changes or updates.

When should Jira roles be used?

Jira roles should be used when you want to assign specific permissions and access to users based on their role or responsibilities within a project or organization. By defining different roles, you enable team members to focus on their specific tasks and responsibilities, without interfering with other people’s work. For example, developers may require access to certain features that are irrelevant to project managers. 

Managing roles and groups with a Jira permission scheme

In practice, Jira groups and Jira roles are often used together to manage user access and permissions in a more organized and efficient way. 

What is a Jira permission scheme?

A Jira permission scheme is a set of rules defining who can perform certain actions within a Jira project or instance. Jira project permissions define which users or Jira groups can perform specific actions, like creating or editing issues, transitioning workflows, or managing project settings. Jira user management and access management is simpler with a defined permission scheme. 

Each Jira project has its own permission scheme, which can be customized to suit the specific needs of the project. For example, you might have a Jira permission scheme that allows only certain users to create or edit issues, or a Jira permission scheme that restricts access to project settings to a specific group of users. 

Key components of a Jira permission scheme

A Jira permission scheme consists of:

1. Permission levels that determine the actions users can perform like “browse,” “create,” “edit,” “delete,” and “assign.”  
2. Permission types that correspond to each permission level, like “project permission,” “global permission,” or “issue permission.”
3. Permission assignments to show who can perform what. A Jira permission scheme assigns specific permissions to groups or roles, like “administrators,” “developers,” or “reporters.”

Applying a permission scheme to Jira roles and groups

Once you’ve applied the permission scheme to the Jira role or group, any user who belongs to that role or group will have the permissions defined by that scheme. You can also apply multiple permission schemes to the same Jira role or group if you need to.

It's worth noting that Jira groups can also be used in conjunction with project roles to define specific permissions for users within a project. For example, you might create a Jira group for testers and assign it to the "Testers" project role, which has specific permissions for testing and quality assurance tasks. This way, any user who is assigned to the "Testers" role in a project will have the permissions assigned to the "Testers" role, as well as any permissions assigned to the Jira group.

Best practices for managing Jira permission schemes

Here are some best practices for managing Jira permission schemes:

1. Keep permission schemes simple to avoid confusion and maintain security. 
2. Test Jira permission schemes thoroughly before deployment, to make sure they work as expected. 
3. Instead of setting roles and permissions manually, automate the process with third-party apps. For example, with JSU Automation Suite for Jira Workflows, you can automatically set the assignee based on previously-set conditions.
4. Audit permission schemes regularly to ensure they remain relevant and effective. 
5. Use role-based permissions — instead of individual users or groups — to govern standard workflows. With apps like JMWE, you can set up workflow rules based on role-based permissions or individual users or groups, to standardize and safeguard recurring processes automatically. 
6. Document your Jira permission schemes and make sure all stakeholders fully understand them. 
7. If you need to set more granular roles and permissions, (like if you need to hide certain fields for users with a specific role) Power Scripts has full flexibility to help you do that.
8. Integrate permissions into your corporate account management tooling, so that automation takes care of adding users to the right permission scheme during onboarding, or when a help ticket is approved.

Managing Jira permissions and access efficiently can improve productivity and security. Use groups, roles, and permission schemes to set up your workflows in a way that makes sense for your team. (We’ve got apps that can help!)