Manage groups for an organization
10 min
Advanced
By the end of this lesson, you'll be able to:
- Assign users to groups
- Explain the impact of adding users to and removing users from groups
Configure groups
Groups are organization-wide collections of users. Editing a group includes adding or removing members.
Groups have several purposes, including:
- Granting app access
- Managing permissions in apps
- Changing page access in Confluence
- Advanced workflow configurations
- Sharing filters and dashboards
You can’t delete or empty the org-admins group because an organization requires an org admin. The org-admins group grants app admin and user roles for every app.
Configure default groups
Default groups are created when an Atlassian app is added. Every app has default groups for each role within the app. An org admin and user access admins can create custom groups if needed.
Every Atlassian app must have a default access group. Multiple apps can use the same default access group.
👇 Click the tabs to explore the default groups for each role.
The default access group for the user role for an app is called <app name>-users-<site name>.
👉 For example: For Jira on the Acme USA site, it would be called jira-users-acmeusa.
As an org admin, you can always change the default access group for each app in your organization. However, you cannot remove a group from being a default access group if it is the only default access group for the app.
The org admin or a user access admin can use several groups as default access groups. You can't use the org-admins group.
It isn't possible to delete a group when it is set as the default access group for an app.
Change group membership
When you remove users from groups, it affects what they can do in Jira.
👇Click the tabs below to explore the impacts of changing group memberships.
A user might gain or lose access to one or more apps if the group grants that access.
Best practices for managing groups
- Avoid granting too many groups access to an app.
- Use naming conventions and make sure group names indicate which access they grant.
- Limit the number of org admins and user admins to reduce the risk of groups creation getting out of control.
- Grant access by assigning roles rather than using group memberships.
- Monitor the audit log to be aware of any new groups created.
How was this lesson?
next lesson
Administer managed accounts for an organization
- What are managed accounts?
- Set up domain verification
- Claim accounts from a verified domain
- Unclaim, deactivate, and delete managed accounts
- Maintain managed accounts