Understand default groups
利用しているユーザー管理エクスペリエンスを確認する
移動 Atlassian Administration. Select your organization if you have more than one. You can identify which user management experience you have by checking where your Users page is located.
集中型 | オリジナル |
|---|---|
In Atlassian Administration, Users is located in Directory.  | In Atlassian Administration, Users is located in Apps >  |
We’ll note any differences between user management experiences throughout this page.
External identity providers
SCIM-synced groups from external identity providers such as Okta are read-only and can't be set as default groups. To manage product access effectively, you can create internally managed groups in Atlassian Cloud and assign them as default groups while maintaining user access through SCIM-synced groups for permissions and application role consistency.
This ensures that default groups remain internally managed, allowing Atlassian Cloud to automate placement for manually invited or self-signed-up users without conflicting with external identity provider management.
A default group is the main group that grants an app role. Users are automatically placed in default groups when you give them access to a cloud app or assign them a new app role in Atlassian Administration.
This automatic assignment to default groups can lead to unintended license consumption if not configured properly. Users accessing your instance for the first time or referenced in applications like Jira or Confluence can also be added to default groups automatically, potentially causing unexpected licensing costs or access issues.
When you add an app to your organization, we create a default group for each app role. You can change what the default group is for a role, but a role must have at least one default group. Users can gain access either directly by being added to the default group, through custom groups configured in the organization, or via groups synced from an external identity provider. Ensure that synced groups are correctly mapped to permissions in Atlassian Administration to avoid duplications or access issues.
例
Confluence on a site called Vitafleet comes with the default groups confluence-users-vitafleet and confluence-admins-vitafleet for the User and App admin roles, respectively. When someone is added to Confluence through Atlassian Administration, they’re automatically added to the confluence-users-vitafleet group.
You can configure multiple default groups (e.g., one for internal users and another for external users) by manually accessing Apps, then Atlassian apps, then Update default group setting. For external users, ensure that a dedicated group (for example, External-Jira-Users) has been created and assigned as needed by the admin.
Find the default group for a role
Who can do this? |
To find the default group for a role:
移動 Atlassian Administration. Select your organization if you have more than one.
Select Apps > Atlassian apps.
This step depends on your user management experience:
Centralized: Select Manage App for the app that the role belongs to. Default groups are indicated with a checkmark in the Default group column.
Original: Select more actions (•••) for the app that the role belongs to, then select View App. Default groups are labelled with Default access group.
Change the default group for a role
To change the default group for a role, assign the role to a new group first. How to create a group
Note, the group that grants the organization admin role can’t be a default group for any role. This prevents anyone from unintentionally becoming an organization admin when assigned another role.
Who can do this? |
To change the default group for a role if you have the centralized user management experience:
移動 Atlassian Administration. Select your organization if you have more than one.
Select Apps > Atlassian apps.
Select Manage App for the app that the role belongs to.
Find the group you want to make the new default group, then select more actions (•••).
[既定のグループ設定を更新] を選択します。
Select the role this group should be the default group for. A group can grant multiple roles for an app, but it can only be the default group for one role at a time.
Select Update. This group is now the default group for the selected role.
To remove the previous group as a default group, select more actions (•••) for that group, then select Update default group setting. Select None, then select Update. This doesn’t affect the group members or access.
To change the default group for a role if you have the original user management experience:
移動 Atlassian Administration. Select your organization if you have more than one.
Select Apps > Atlassian apps.
Select more actions (•••) for the app that the role belongs to, then select View App.
Find the group you want to make the new default group, then select more actions (•••).
Select Make this group default. You’ll need to reload the page to see a default group label.
To remove the previous group as a default group, select more actions (•••) for that group, then select Don’t make this group default. You’ll need to reload the page for the default group label to disappear. This doesn’t affect the group members or access.
Default groups for each app
The default groups created in your organization depend on when you added an app to your organization. If an admin changed or renamed your default groups, they may not match the default groups listed.
In cases where license limits are exceeded due to SCIM-synced groups or site-admin memberships, consider revoking app access for unnecessary groups or creating internally managed groups for allocation. For example, when managing Confluence or Jira access, you can create “default-access” groups for automatic placements and reduce excess user licenses.
Apps added after August 2021
アプリ | デフォルト グループ | 説明 |
|---|---|---|
Organization groups |
| すべてのサイトと組織を管理するユーザーが含まれます。次の初期設定の権限を使用できます。
これらの権限を持つユーザーは、ドキュメントとサポートの目的に関する組織管理者とみなされます。 |
| Assigns members the “user access admin“ role, which allows users to manage access to the app they administer. Each app has their own group, so you may have multiple user access admin groups. This group does not grant app access and members of this group won’t count towards your bill (unless the user holds another billable role). | |
Jira |
| <site-name> にある Jira へのアクセス権が付与されます。 Assigns all members the “users“ project role, which allows members to see all project issues (unless protected by a security level) and create new issues. |
Jira Software |
| Grants access to the Jira Software app under <site-name>. Assigns all members the “users” project role, which allows members to see all project issues (unless protected by a security level) and create new issues. |
Jira Service Management |
| Manages license allocation for Jira Service Management (JSM). Members of this group count towards the Jira Service Management license. Be cautious when changing the default group for JSM, as all users in the group will automatically consume Agent licenses. To avoid exceeding license limits, ensure the group members are correct before finalizing changes. |
| このグループのメンバーは、ヘルプセンターにアクセスしたり、ヘルプリクエストを送信したり、<site name> の記事を表示したりできます。 メンバーがエージェントとして Jira Service Management にアクセスすることはできません。このグループのメンバーは、請求の対象にはなりません (そのユーザーが別の課金対象ロールを持っている場合を除く)。 | |
Jira Work Management |
| Grants access to the Jira Work Management app under <site-name>. Assigns all members the users’ project role, which allows members to see all project issues (unless protected by a security level) and create new issues. |
Jira 管理者向け |
| The default permissions granted to this group depend on the apps you have. For example, if you have Jira apps only, the group permissions will include only the Jira app permissions. In Jira apps:
|
Confluence |
| プロジェクトの Confluence コンテンツの作成と表示、パーソナル スペースとグローバル スペースの作成が可能なグローバル権限が割り当てられます。 For example, internal users might be part of “confluence-users-{site}” for content creation, while external consultants may belong to a restricted group like “confluence-guests-{site}”. Assign roles carefully to balance access and security. |
| This group has the Confluence administrator global permission. Confluence admins are granted the confluence-users default permissions. Users in the “administrators“ group have app access to Jira family of apps, and therefore, require a Jira family license. If you have users in the “administrators“ group that you don't need/want to take up a Jira family license, you can create a new group, such as “confluence-admins,“ that you can use for admins that don't require a Jira family license. | |
| <site name> の Confluence ページを表示するアクセス権を付与します。 Assigns all members the “guest“ role, which gives users limited access to one space at a time (assigned by an admin). What can guests see and do in Confluence? | |
Opsgenie |
| The permission to access the Opsgenie app, which may include creating and editing Opsgenie alerts and schedules. |
Statuspage
|
| Statuspage アプリにアクセスし、すべてのページを表示する権限。 |
| The permission to access the Statuspage app and manage user access to pages. | |
Trello |
| The permission to access the Trello app and view the default workspace. |
| The permission to access the Trello app and manage user access to workspaces. | |
Bitbucket |
| The permission to access the Bitbucket app and view the default workspace. |
| The permission to access the Bitbucket app and manage user access to workspaces. | |
| The permission to view users in the Bitbucket app and configure user access settings. | |
Guard Detect |
| このグループは現在使用されておらず、 Guard Detect を使用するための権限は付与されていません。 |
| Guard Detect を使用するための権限には、ユーザー アクティビティとコンテンツ スキャンのアラート、およびそれらのアラートに関連するアクターのプロファイル情報を表示する機能が含まれます。 Note: Although the group name includes a sitename, Guard Detect generates alerts for Atlassian Administration and all eligible apps in your instance, not just the apps in the site that Guard Detect is attached to. |
Apps added before August 2021
アプリ | デフォルト グループ | 説明 |
|---|---|---|
Site groups |
| For instances created before February 2014, this was the default group that new users were added to. In instances created after that date, all new users will be added to the “[app]-users“ group for the app(s) they have access to instead of the “users“ group. The default permissions granted to this group depend on the apps you have in your service (for example, if you have Jira apps only, the group permissions will include only the Jira app permissions). In Jira apps:
Confluence の場合
|
| In Jira apps:
Typically, you add users who work on issues to this group. You can add users to this group from the Users page. This group is named “developers“ in Jira instances created earlier than February 2014. | |
|
| The default permissions granted to this group depend on the apps you have (for example, if you have Jira apps only, the group permissions will include only the Jira app permissions). In Jira apps:
Confluence の場合
Users in the “administrators“ group have app access to Jira apps, and therefore, require a Jira license. If you have users in the “administrators“ group that you don't need/want to take up a Jira license, you can create a new group, such as “confluence-admins,“ that you can use for admins who don't require a Jira license. |
| このグループのユーザーは、以前は信頼できるユーザーでした。このロールはもう存在しません。 | |
| site-admins はサイトを管理するユーザーです。次の機能は、現在 site-admins のみが利用できます。
Users with this permission are considered site administrators for documentation and Support purposes, and they have access to all the apps in the site. | |
Jira apps |
| The Jira Users and Bulk Change global permissions.
A member of the Users project role, which allows members to see all project issues (unless protected by a security level) and create new issues. |
| The same default permissions assigned to the administrators group, for only Jira family of apps.
| |
Jira Software |
| A member of the Users project role, which allows members to see all project issues (unless protected by a security level) and create new issues. |
Jira Service Management |
| Jira Service Management はこのグループを使用して、ライセンス割り当てを管理します。このグループのユーザーは Jira Service Management ライセンスに計上されます。
|
Confluence |
| The permission to create and view Confluence content for the project, create personal and global spaces |
Opsgenie |
| The permission to access the Opsgenie app, which may include creating and editing Opsgenie alerts and schedules. |
Trello |
| The permission to access the Trello app and view the default workspace. |
|
| The permission to access the Trello app and manage user access to workspaces. Learn about Trello Enterprise names |
Statuspage |
| Statuspage アプリにアクセスし、すべてのページを表示する権限。 |
| The permission to access the Statuspage app and manage user access to pages. |
System-administrators group
There’s a default group used by Atlassian Support called system-administrators. You can’t edit or add users to this group.
The “sysadmin” account in this group is only used by Atlassian to log in to your organization to provide support to you or perform certain system maintenance tasks. This user has full app access, but does not count towards your license limit, no matter which groups it is added to. You may notice logins by this user, even when you don’t have a support request. This is because certain types of system maintenance involve our automated systems performing tasks using this account.
この内容はお役に立ちましたか?