The security settings can be configured only when the 'Default Roles' option is selected in the Technical Configuration of the App (you have to go to Jira settings > Manage Apps to access configuration of the add-on).

In general, information on Security settings can be found on following pages:

  • Box Types - this page contains information on configuring the default Security settings that work as a template when you create new Boxes and the Inheritance mode.
  • Global Roles - you are on this page - it explains App Administration settings and how access to the App is granted to, for example, Jira users.
  • Box configuration - this page explains what roles are available within the App and how to change them for an individual Box.
  • Technical Configuration of the App - this page gives you information on how to activate/deactivate use of roles within the App.
  • Security - this page explains the impact of setting up security Roles for the Home (root) Box and lists available roles.

You can change the global security in the App's Technical configuration, otherwise, all users will be granted highest level permissions. 

Besides the Jira permission and security settings which are always respected by the app, there are two main levels of security:

  • App level (this page)
  • Root level
  • Box level

Once you have enabled the "Default roles", permissions can be granted to both individual users and to Jira groups (Jira groups can be only created by a Jira Admin).

Security and access

Only a user with the App admin security role can access and change the Security settings.

To view this page go to BigPicture drop down at the top > Administration > Security.

 Click here to expand...


Global security roles

App Admin

With this security role you have an administration access to every Box, Gadget and to the Business Administration. This means that as an App Admin you will be able to see all the created Boxes and have access to configuration areas. 

Jira admins are automatically granted the App admin security role, even though they aren't automatically listed in App Administration > Security tab.

App Administrators don't necessarily need to be Jira Administrators. You can simply add a user as an "App Admin" if you want them to be able to have full permissions in the App (access to all configuration, settings and ability to edit/create/delete Boxes and tasks).

Adding someone as an App admin doesn't mean they are listed as users for individual Boxes, but they do have full access. 

 Click here to expand...

June has been added as an App Admin

She has full access to the App and all the Boxes

Even though June is not listed as a Box Admin, she has the same permissions


App user 

With this role you have basic access to the App and see the App's name on the header. Remember that this does not mean you have access to any Boxes.

For Example, Aaron has been added as an App user in the App's administration, but hasn't been added to any existing Boxes. Even though he can access the App, when he goes to "Home" he will see "There's nothing to display" message.

 Click here to expand...

June is taking over the EMEA Initiative. She has been added to the Box as an admin, but hasn't beed added as a user in App Administration. When she logs in, she can't access the BigPicture.

 Click here to expand...


After logging in, June doesn't have access to BigPicture.


Make sure to grant users access to Boxes and Gadgets as well as access to the App itself.