Access Permissions And Security Flashcards
Default config of a Kanban company-managed Notification Scheme
All watchers, Current assignee, and Reporter
Can users view issues created prior to a change in permissions?
No
Do team managed projects use Issue Security Levels/Schemes?
No, it uses access levels
Team managed access levels
- Open –> anyone can view and create issues on the project ( anyone who logs in)
- Limited –> view and comment
- Private –> only people added to project can view issues
What exists in Jira Cloud that doesn’t exist in Jira Server/Data-Center
Team managed projects
The three admin types:
org admin, Jira admin, project admin
Org Admin
configure organisation wide settings:
* Billing and product subscriptions,
* verifying or removing domains
* configuring managed accounts, users, groups product access
When you create an organisation, you become an organisation admin and automatically get admin permissions in Jira.
What are the global permissions
Administer Jira
Browse users and groups
Share dashboards and filters
Manage group filter subscriptions
Make bulk changes
Create team-managed projects
Team managed default roles:
- Administrator
- Member
- Viewer
Product admin
administer product settings.
You have access to the system administration menus and configure project schemes.
What permissions are needed to Log Work?
Browse Projects, Edit Issues and Work on issues.
What permissions are needed to Edit Issues?
Browse Projects, Edit Issues
Product admins what do they do ?
They administer settings inside the product depending on group memberships. ( don’t have product access)
NOTE: Product admins for Jira products have product access to Jira or Jira Service Management.
Product Admin (Jira Administrator role)
Product Admin (Jira Administrator role)
allows them to create and manage projects without having access to all global administration features.
This role typically allows the user to manage project configurations, workflows, schemes, etc., without giving them access to critical global settings like user management or site-wide permissions.This role doesn’t grant access to the product.
They administer users and groups from admin.atlassian.com for a specific product in your organization.
What needs to be done before Atlassian guard can be enabled
Verify your organisations domain
What permissions are needed to create versions?
Be project admin
Why wouldn’t a user be able to use their Atlassian credentials anymore?
Their email domain might have been verified. They’ll be redirected to their org identity provider when they attempt to login to the cloud.
Do invitation links require admin approval?
No
What can board admins do?
Configure columns, swimlanes, card colours, issue details view etc..
Managed accounts:
If a user has an e-mail address with a domain that your company hasn’t verified what haapens ?
The user’s account is unmanaged and the user doesn’t appear on your Managed Accounts page and you are unable to edit their account details.
( Its the same with accounts that have unverified Email addresses )
What is product access ?
- Allows login and access to a Jira Product
- You can have multiple default acess groups
- New users can get access through these default groups
who can edit permissions schemes ?
Jira Administrators are the only ones
Groups AND Roles can be used in:
Permission schemes
Notification schemes
Roles cant be used in:
Product acess and global permissions
When to use group over role ?
if many projects share a scheme and the number of users is small and never changes.
When to use a role over a group?
many users
they change often
they vary by project
project administrators Should be able to make changes
What to investigate if user can see and issue but not another in a project?
- Issue level
- Issue Security scheme
- Security levels
- Groups Roles
What permissions are needed to migrate from one project to another?
Move issues
Create issues
Edit issues
What to investigate if user can see a software board but not another ?
A user can see one software board but not another then can they see the project?
If not, then check Browse Projects permission at the project level
Otherwise check the board filtre and with whom that filtre is shared.
What to investigate if User cannot see any boards?
Check product access to Jira Software and the groups listed there.
Only a Jira Software user can see the product specific features such as agile boards, development tools, or release information.
What happens if you Suspend Access for a User ?
- He is suspended temporarely ( can be reinstated )
- Cannot acess any product in the organization.
- Status shows as Suspended for the user listed.
- Will still use up licences
Useful for when user is temporarely away
What happens if you Remove a User ?
- Wont be able to access product or collaborate with the team
- User needs to be reinvited
- Work activity and history is preserved.
- can remain as an assignee
- Will still consume licence
What happens if you Deactivate an account ?
- Account can no longer be used
- Cannot log into atlassian accoutn service
- User doesnt count towards Licence limit
- You can still search for them
- activity is preserved
- shows as deactivated
What happens if you Delete an account ?
- Permanent
- Deleted from all organizations
- Other Atlassian services cannot be accessed
- Side effects
company managed
Issue level security configuration:
- Create issue security scheme
- configure security levels
- you need the Security level field on the screens
- Needs to be done by a Jira Admin.
You can set a default security level (optional)
You can associate the security scheme to different projects
company managed
Who can set the Issue level security?
Those with edit issue permission and set issue security permissions.
They can set only a level they are in already.
Team managed
Issue security configuration
- Issue type configuration screen ( padlock icon )
- Choose to only allow a role to view by default
- Changes to default restrictions only apply to new issues
Team managed
Who can set the Issue level security?
- Admins
- roles that have a premission to “restrict any issue”
Implications of issue security:
Secured issues are inaccessible:
* boards
* service management queues
* search results and filters
* reports and gadgets
* notifications
* issue links arent visible as hyper links
* subtasks
Use cases for issue security levels:
- Issues should be seen only by a static set of users ( group roles)
- Issues should be seen only by a dynamic set of users ( user in a custome field –> user picker)
- Reporters should only see their isseus
