Manage permissions in your first space

You won't want every user in your team to have the same level of access to Jira. For example, you may want to restrict who can administer Jira, or prevent users from viewing a space. In this step, you will learn about the different permissions in Jira and set permissions for a new space.

Overview of roles, groups, and users

A role is a space-specific set of groups and/or individual users. In our example of the design project in the t-shirt business, all product managers need to be able to assign work items across all spaces, while senior designers need to be able to assign work on specific design spaces. In Jira, you can define a product manager role that includes all product managers. You can then define a set of permissions with the "Assign work item" permission for this role, and apply this set of permissions to all spaces. Individual senior designers can be added to the product manager role on each space, as needed.

Overview of global and space permissions

Global permissions cover a small set of functions that affect all spaces in Jira (for example, permission to administer Jira). They can only be assigned to groups: 

Space permissions cover a set of more granular functions that affect a single space. For example, permission to create work items in a space can be assigned to groups, users, and space-specific roles.

Now let's put this into practice! You're going to go through the tasks involved to use space permissions to hide a new, secret t-shirt design project from some of your users.

Create a new role

This role will only contain users that you want to view a particular space. We will assign permissions to this role in the next step.

1. Select Settings ().

2. Select System, then Space roles in the security section.

3. Add another role named "Review".

4. Leave the Description field blank for now and select Add space role.

5. Select Manage Default Members.

6. Select Edit under Default Users and add yourself and Jason to the Review space role (don't add Kate or Emma).

Configure a new permission scheme

The Browse Spaces permission controls whether a user can browse a space, i.e. whether they can view the space. Let's assign this permission to your new role.

1. Select Settings ().

2. Choose Work items, then Permission schemes.

3. Copy the Default Permission Scheme.

4. Edit the copied permission scheme and change the name to "Confidential Permission Scheme".

5. Select Update.

6. Select Permissions for the Confidential Permission Scheme.

7. Remove browse permission for anyone who can log in:
   
   

   1. Select Remove to the right of "Browse Spaces".

   2. Select "App access - Any logged in user".

   3. Select Remove.

8. Grant browse permission to our "Review" space role:
   
   

   1. Select Edit  to the right of "Browse Spaces".

   2. Select Space Role and Choose "Review" from the menu.

   3. Select Grant.

Associate the scheme with a new space

For the last step, let's associate the permission scheme with a new space.

1. Next to Spaces in the sidebar, select Create space ().

2. Choose the space type "Task tracking".

3. Name the space Top Secret Tee and Create.

4. Select Permissions, then Actions, then select Use a different scheme.

5. Set the Scheme to Confidential Permission Scheme and select Associate.

The only users that will be able to browse your new space are Jason and yourself. Note that default members are only added to a role for new spaces. You can also use this approach to restrict users from creating work items, adding comments, closing work items, and more.