How does app access work?
As an admin, you can configure app access for users in your organization in two ways:
1. Assign app roles
To give users app access, you must assign them a role in Atlassian Administration. Organization admins are able to assign roles. User access admins can also do this, but only for apps they administer. A site admin in the original user management experience can assign roles in their site.
2. Apply in-app permissions
This is an additional layer of access that gives more granular control over specific areas. For example, you can use in-app permissions to limit a user’s access to secret Jira projects or confidential Confluence spaces. Both organization admins and app admins can apply this level of permissions.
You can also use groups to assign roles or apply in-app permissions for multiple users at the same.
Assign app roles
As an organization admin, you can grant app access to users by:
assigning an app role when you invite a user to your organization
adding one or more users to a group
A user access admin can also do these tasks, but only for apps they administer. This means if an app’s default group also includes apps they don’t administer, a user access admin won't be able to grant access to that app. Troubleshoot issues related to managing groups
The following image is an example of a user who has been assigned a role for Jira and for Confluence. This user was automatically added to the default groups for the roles they were assigned.
This user was not assigned a role for the Confluence app in acme-support.atlassian.net.
Apply in-app permissions
組織で機密の Jira プロジェクトや Confluence スペースが必要な場合は、組織内のユーザーの役割や雇用状況に基づいてアクセスを許可または制限することをお勧めします。たとえば、請負業者やベンダーにはアクセスを制限して、法務や人事の各チームのみに特定のスペースへのアクセスを許可することをお勧めします。
In-app permissions can be set up by app admins from within the app and applied to groups created in Atlassian Administration. Groups can help you to apply and manage the same level of access for multiple users in your organization, who have similar access requirements.
You can manage your in-app permissions from the following places:
アプリ | Where to manage in-app permissions | これを実行できるロール |
|---|---|---|
Confluence | Confluence を開いて、ナビゲーション バーの [設定] (歯車アイコン) を選択します。 | confluenceadmin
|
Jira | Jira を開いて、ナビゲーション バーの [設定] (歯車アイコン) > [Jira 設定] > [システム] の順に選択します。 | Jira 管理者
|
なぜグループが必要なのですか?
Groups can help you reduce the time it takes you to set up access for multiple users. You can use groups to assign default app roles and to manage in-app permissions.
By creating groups to manage in-app permissions, you can precisely control access to confidential information for multiple users. Learn how to create and update groups
Like organization admins, user access admins can use groups to set up app access. However, user access admins can only set up access to apps they administer. This means if an app’s default group also includes apps they don’t administer, a user access admin won't be able to set up access to that app. Troubleshoot issues related to managing groups
Use groups to assign access
The following image is an example of how one group (All employees) may be created to manage access for multiple users to many apps at once.
The group – Customer support team – is not a default group. In this example, one user has been added to this group, granting them access to an additional Confluence app (acme-support.atlassian.net) that the other three users don’t have access to.
Use groups to apply in-app permissions
The following image is an example of how in-app permissions can be applied to multiple users (in this case the Marketing group) using one group. In-app permissions are managed within the app, but you create a group and manage its membership in Atlassian Administration.
Examples of how you might use groups
チームの新しいメンバーのオンボーディング
Let’s see how we can make use of groups to onboard new members of an HR team. This team uses the following apps and project spaces:
Confluence: 組織全体の全員が使用します。
Jira Service Management: 一般的な HR チケットを保管します。
人事ポリシーと手続き: すべての一般的な人事情報のための Confluence スペースです。
人事個人情報: 機密情報を保管する Confluence スペースです。
From your organization at admin.atlassian.com create a group. Let’s call it HR-team. We’ll use this group to manage access to all apps for everyone in HR in your organization.
Add the Confluence and Jira Service Management apps to the HR-team group. This gives all group members access to spaces in Confluence (like HR policies and procedures) and to projects in Jira Service Management – excluding anything confidential.
Then, we’ll create another group, let’s call it HR-confidential. This is the group where we’ll apply the in-app permissions for Confluence.
Confluence の設定で、「人事 - 個人情報」スペースに対する既定のアクセス権を制限して、「人事 - 部外秘」グループのメンバーにのみアクセスを許可します。Confluence Cloud スペース権限の割り当て方法については、こちらをご確認ください。
新しい人事チーム メンバーが組織に加入したら人事チーム グループに追加して、Confluence と Jira Service Management へのアクセス権を付与します。
チームの異動があったとき
メンバーがチーム間で異動した際も、グループを使用できます。たとえば、Omar が法務チーム (法務チーム グループとします) から人事部に異動する場合は、Omar を法務チーム グループから削除して人事チーム グループに追加します。Omar の役割として、機密情報を含む Confluence スペースへのアクセスが必要な場合は、人事 - 機密情報グループにも追加します。
Grant everyone access to a new app
Groups are also useful to grant access quickly when you add new apps to your organization. Let’s say you want to grant the HR team access to Jira(an app you’ve added to your organization recently). You can grant this access to all members of the HR-team group from the app details page, or from the group details page.
この内容はお役に立ちましたか?