The security settings can be configured only when the 'Default Roles' option is selected in the Technical Configuration of the App (you have to go to Jira settings > Manage Apps to access the configuration of the add-on).
In general, you can find information on Security settings on the following pages:
- Box Types - this page contains information on configuring the default Security settings that work as a template when you create new Boxes and the Inheritance mode.
- Global Roles - you are on this page - it explains App Administration settings and how access to the App is granted to, for example, Jira users.
- Box configuration - this page explains what roles are available within the App and how to change them for an individual Box.
- Technical Configuration of the App - this page gives you information on how to activate/deactivate the use of roles within the App.
- Security - this page explains the impact of setting up security Roles for the Home (root) Box and lists available roles.
You can change the global security in the App's Technical configuration. Otherwise, all users will be granted the highest level permissions.
Besides the Jira permission and security settings which are always respected by the app, there are two main levels of security:
- App level (this page)
- Root level
- Box level
Once you have enabled the "Default roles," permissions can be granted to both individual users and Jira groups (Jira groups can only be created by a Jira Admin).
Security and access
Only a user with the App admin security role can access and change the Security settings.
To view this page go to BigPicture dropdown at the top > Administration > Security.
Global security roles
With this security role, you have administration access to every Box, Gadget, and Business Administration. This means that as an App Admin, you will see all the created Boxes and have access to configuration areas.
Jira admins are automatically granted the App admin security role, even though they aren't automatically listed in App Administration > Security tab.
App Administrators don't necessarily need to be Jira Administrators. You can simply add a user as an "App Admin" if you want them to have full permissions in the App (access to all configuration, settings, and ability to edit/create/delete Boxes and tasks).
Adding someone as an App admin doesn't mean they are listed as users for individual Boxes, but they do have full access.
With this role, you have basic access to the App and see the App's name on the header. Remember that this does not mean you have access to any Boxes.
For Example, Aaron has been added as an App user in the App's administration but hasn't been added to any existing Boxes. Even though he can access the App, when he goes to "Home," he will see the "There's nothing to display" message.
June is taking over the EMEA Initiative. She has been added to the Box as an admin but hasn't been added as a user in App Administration. When she logs in, she can't access the BigPicture.
After logging in, June doesn't have access to BigPicture.
Make sure to grant users access to Boxes and Gadgets as well as access to the App itself.
It is possible to grant users in bulk access to our plugins, by adding Jira user groups.