tags:

views:

85

answers:

3
+2  Q: 

When and how should one use project roles instead of groups within JIRA?

I am having a little difficulty understanding when a person should configure JIRA permissions using groups and when they should use project roles. I have read the online documentation, however, the difference between the two seems subtle.

A group seems simple enough. Group users into a named bucket. Assign the group to one or more permissions within a permission scheme to enable access to functionality for any users within the group. Assign the permission scheme to a project to apply the permissions to that project.

A project role seems very similar. It does all of the above except that you can also add groups to project roles. It seems that a project role also allows a project administrator to add their own users to a project instead of requiring a system administrator.

However, I am not sure how I can leverage this. Here is an example of what I want to achieve.

  1. Have multiple projects created in JIRA.
  2. All of our managers, developers, etc. have the same permissions across all projects.
  3. Our clients have access only to their projects.

I think that the best way to accomplish this is to:

  1. Create an employees group to which I add all of our employees.
  2. Create one or more project roles to which I add the appropriate clients.
  3. Assign permissions to the Default Permissions Scheme using the employees group.
  4. Copy the Default Permission Scheme to a new project specific scheme, e.g., client-scheme
  5. Assign the client-scheme to the client specific project.

However, it seems that I am not leveraging project role membership. How does this come into play?

What is the best practice for using JIRA groups and project roles? What is the different between the two?

+2  A: 
Francis Martens  2010-09-03 05:16:43
How does the JIRA Users global permission relate to this, if at all? It seems that users must have this permission in order to log in to JIRA. Since JIRA Users can only be assigned a group do I need a group for customers as well?
Ryan Taylor  2010-09-03 12:55:41
The global permissions are for setting permissions on global functionalities such as accessing JIRA, administrative tasks, bulk changes and so on.You should use at least one group to designate the people who are allowed to access JIRA (normally the group JIRA_users, but I've seen instances where they had 3 different groups)
Francis Martens  2010-09-03 14:27:00
So you might have one group 'employees', one group 'customers' and provide these two groups permission to access JIRA. When a new employee starts, add her to the employees group. She will have access to JIRA and to all projects. When a new customer is added, add him to the customers group and to the specific projects where he should have access to - having the customer role.
Francis Martens  2010-09-03 14:27:24
Thanks for the clarification. This has been very helpful.
Ryan Taylor  2010-09-04 01:17:25
+1  A: 

Historically, JIRA had groups first. Then roles came along and are the recommended way to control authorization in most cases.

~Matt

mdoar  2010-09-03 19:46:06
A: 

Groups are global. Roles can be thought of as per-project (local) groups.

Roles are much better: else with a large number of projects you quickly end up with a proliferation of Groups and permission schemes (one per project).

You lose nothing by using role-based permission schemes, since you can add a Group to a role.

But you gain a lot of flexibility. Eg you'd currently have the Employee role be filled with your Employees group for every project, but as your company and complexity grows, you can have different Employees per project, without having to change the permission schemes

Vladimir Alexiev  2010-10-07 08:44:44

related questions

C#: Where to implement a custom IEnumerator<T>
What replaces Configuration Application Block(of 1.0) in Enterprise Library 4.0 or 4.1?
The patterns and practices rabbit hole
Case conventions on element names?
Learning .NET practices by reading Effective Java, 2nd Edition
What is the proper etiquette for handling potentially reusable legacy code in large projects?
The proper way of raising events in the .NET framework
Front Controller vs. Façade pattern
Prism (Silverlight)
Data types between the Service (Application/Controller) and UI layers
Silverlight (3) best practices
Getting partially trusted callers error with Microsoft.Practices.EnterpriseLibrary when run exe using UNC path?
StringLengthValidator - localization not working
Export a Unity container information to xml configuration
Using hash functions for file storage?
Good Book for Patterns and Practices
PHP Idioms?
Why do people use __(double underscore) so much in C++
What are some possibly unique development standards in your country?
How to properly use Struts ActionForms, Value Objects, and Entities?
Business Entity Loading Pattern
Least favourite design pattern
A good pattern/solution to the social web user problem of point whoring?
Which Design Pattern is best for Iterative development?
Using Microsoft's Application Blocks