Access control
What is Access control?
App Access Control is designed to restrict and manage user access to an app within Jira
Jira Admins can access the app even if they are not part of any group specified in Access Control.
It ensures that only authorized users or groups can interact with the app, enhancing security, compliance, and data privacy.
Who can set the Access control?
Jira Admins / Confluence Admins – They have the highest level of control and can configure access settings.
They can define which users or groups have access to the app, ensuring security and compliance based on organizational requirements.
App-Specific Admins – If the app has a dedicated admin role, those users can also manage access.
Organization Admins (Atlassian Access) – In enterprise environments, org admins may have control over app permissions.
Which permissions do the Jira admins have?
Jira Admins have extensive control over the Jira instance, including user management, project configurations, system settings, and app installations. Their permissions typically include:
Global permissions (Instance level)
Manage users, groups, and roles
Configure global settings (e.g., time tracking, issue types, workflows)
Install, update, and manage Marketplace apps
Set up system-wide security & access controls
Configure app access control
Perform site-wide backups & restores
Project Permissions (Project-Level)
Create and manage projects
Configure project-specific settings, workflows, and fields
Modify permissions for project users
Delete and archive projects
Issue Permissions (Issue-Level)
Bulk update & delete issues
Assign and transition issues across workflows
Override issue security settings
Can Jira Admin Permissions Be Changed?
Yes, but with limitations. The Jira System Admin role is predefined and cannot be entirely removed. However, you can:
Restrict Jira Admin Access by modifying Global Permissions
Create Custom Admin Roles using Permission Schemes (for project-level control)
Use Atlassian Access & SSO to enforce strict access policies
Limit Sensitive Actions (e.g., app installations) using third-party security tools
Different types of Permissions in Revyz app
Groups | Permissions | Access | Description | Comments | |
|---|---|---|---|---|---|
| 1 | Jira-administrator | App access |
| This permission defines if the group has the access to the Revyz app. | |
| 2 | jira-admins-revyz-qa-sandbox-519 | Initiate backup |
| This permission defines if the users part of group has access to trigger a backup job. | |
| 3 | org-admins | Clone Requester |
| Enable this to grant the selected group permission to initiate clone jobs. Only users in the group with this permission can trigger clone jobs. | Support for below Clone Jobs:
|
| 4 | site-admins | Clone Approver |
| Enable this to grant the selected group permission to approve clone jobs. The clone job will remain pending for approval until approved. | |
| 5 | Jira-admins-revyz-qa | Cleanup |
| This permission defines if the users part of group has access to trigger a cleanup job. |
Examples of Restore jobs
Scenario | Permissions | Job status | Action | |
|---|---|---|---|---|
| 1 | If cloning the data on same site | Clone Requestor Clone Approver | RUNNING | Job will be completed. |
| 2 | If cloning the data on cross site site | Clone Requestor Clone Approver | RUNNING | Job will be completed. |
| 3 | If cloning the data on cross site | Clone Requestor Clone Approver | PENDING FOR APPROVAL | Approver needs to approve the request on destination site |
