Default groups and permissions

Users are automatically placed in default groups when you invite them to a cloud product or assign them a product access role. A default group is the main group that manages access to a product. Each product must have at least one default group. It’s possible to have more than one group marked as a default group for a product.

When you first create your organization, it comes with all the default groups you need to manage product access. For example, a default group that manages basic access to Jira for the Acme organization (meaning the group assigns its members the user role) would be called Jira-users-acme.com. The user role only provides basic permissions needed for someone to log into a product. You can further restrict or expand someone’s permissions (for example, to create Jira projects or view Confluence spaces) from the administration area inside the product.

To see the default group for a product:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Products.

  3. Find the product you want to check the default group for and select Manage product.

You’ll see a list of all the groups that manage roles for that product. The group with a tick icon in the Default group column is the default group for that product.

To update the default group for a product:

  1. From the Manage product screen, select the three dot icon next to the group you want to mark as the default group.

  2. Select Update default group setting.

  3. Select a role other than None to mark the group as the default group that assigns that product role.

  4. Select Update to confirm.

Understand the default groups and permissions for each product

Depending on when you created your organization or site, there might be differences in your orgnaization or site’s default groups.

Default groups can be modified, so the default groups in the following table may be different for your organization

For example, an admin in your organization may have deleted the jira-users-atlassian.com default group that was created when you first set up the organization, and moved all users to jsw-users-atlassian.com, a new group that was created and marked as a default access group.

For products created after August 2021

In this product

Default groups

Default permissions

Org-wide groups

org-admins (in your organization, this group may be called site-admins)

Contains users who manage all your sites and the organization. The following default permissions are available for:

  • All permissions assigned to the 'administrators' group for the products you have.

  • Access to user management (ability to create new users, assign users to groups, grant product access, etc.).

  • Access to billing information.

  • Access to all organization-level settings.

  • Access to all site level settings.

  • Access to all the products in the site.

Users with these permissions are considered organization administrators for documentation and support purposes.

<product-name>-user-access-admin-<sitename>

Assigns members the ‘user access admin’ role, which allows users to manage access to the product they admin. Each product has their own group, so you may have multiple user access admin groups.

This group does not grant product access and members of this group won’t count towards your bill (unless the user holds another billable role).

Jira

jira-users-<site-name>

Grants access to the Jira under <site-name>.

Assigns all members the ‘users’ project role, which allows members to see all project issues (unless protected by a security level) and create new issues.

Jira Software

jira-software-users-<site-name>

Grants access to the Jira Software product under <site-name>.

Assigns all members the 'users' project role, which allows members to see all project issues (unless protected by a security level) and create new issues.

Jira Service Management

jira-servicemanagement-users-<sitename>

Manages license allocation for Jira Service Management.

Members of this group count towards the Jira Service Management license.

jira-servicemanagement-customers-<sitename>

Members of this group can visit your help center, submit help requests, and view articles under <site name>.

It does not allow members to access Jira Service Management as an agent. Members of this group won’t count towards your bill (unless the user holds another billable role).

Jira Work Management

jira-workmgmt-users-<sitename>

Grants access to the Jira Work Management product under <site-name>.

Assigns all members the ‘users’ project role, which allows members to see all project issues (unless protected by a security level) and create new issues.

Jira Administration

jira-admins-<sitename>

The default permissions granted to this group depend on the products you have. For example, if you have Jira products only, the group permissions will include only the Jira product permissions.

In Jira products:

  • The ‘Jira Administrators’ global permissions.

  • A member of the ‘administrators’ project role, which allows members to edit project versions and manage project content (delete issues, comments, and manage watchers).

Confluence

confluence-users-<sitename>

Assigns the global permission to create and view Confluence content for the project, and create personal and global spaces.

confluence-admins-<sitename>

This group has the 'Confluence administrator' global permission.

Confluence admins are granted the ‘confluence-users’ default permissions.

Users in the 'administrators' group have product access to Jira family of products, and therefore, require a Jira family license. If you have users in the 'administrators' group that you don't need/want to take up a Jira family license, you can create a new group, such as 'confluence-admins,' that you can use for admins that don't require a Jira family license.

confluence-guests-<sitename>

Gives access to view Confluence pages under <site name>.

Assigns all members the ‘guest’ role, which gives users limited access to one space at a time (assigned by an admin). What can guests see and do in Confluence?

Opsgenie

opsgenie-users-<sitename>

The permission to access the Opsgenie product, which may include creating and editing Opsgenie alerts and schedules.

Statuspage

 

 

 

 

statuspage-users-<sitename>

The permission to access the Statuspage product and view any pages.

statuspage-admins-<sitename>

The permission to access the Statuspage product and manage user access to pages.

Trello

trello-users-<enterprise_name>

The permission to access the Trello product and view the default workspace.

trello-admins-<enterprise_name>

The permission to access the Trello product and manage user access to workspaces.

Bitbucket

bitbucket-users-<enterprise_name>

The permission to access the Bitbucket product and view the default workspace.

bitbucket-admins-<enterprise_name>

The permission to access the Bitbucket product and manage user access to workspaces.

bitbucket-user-access-admins<enterprise_name>

The permission to view users in the Bitbucket product and configure user access settings.

Guard Detect

guard-detect-users-<sitename>

This group is not currently in use and grants no permissions to use Guard Detect.

guard-detect-admins-<sitename>

The permission to use Guard Detect which includes the ability to view user activity and content scanning alerts and actor profile information related to those alerts.

Note: Although the group name includes a sitename, Guard Detect generates alerts for Atlassian Administration and all eligible products in your instance, not just the products in the site that Guard Detect is attached to.

 

For products created before August 2021

In this product

Default groups

Default permissions

Site-wide groups

users

For instances created before February 2014, this was the default group that new users were added to. In instances created after that date, all new users will be added to the '[product]-users' group for the product(s) they have access to instead of the 'users' group.

The default permissions granted to this group depend on the products you have in your service (for example, if you have Jira products only, the group permissions will include only the Jira product permissions).

In Jira products:

  • the 'Jira Users' and 'Bulk Change' global permissions.

    • 'Jira Users' allows users to log in to Jira

    • 'Bulk Change' allows users to bulk edit issues.

  • a member of the 'users' project role, which allows members to see all project issues (unless protected by a security level or a custom project permission scheme) and create new issues.

In Confluence:

  • the permission to create and view Confluence content for the project, create personal and global spaces

jira-developers

In Jira products:

  • the 'Browse Users', 'Create Shared Filter' and 'Manage Group Filter Subscriptions' global permissions in Jira.

  • a member of the 'Developers' project role, which allows members to edit, move, assign, be assigned, link, work on, resolve and close issues.

Typically, you add users who work on issues to this group. You can add users to this group from the Users page.

This group is named 'developers' in Jira instances created earlier than February 2014.

 

administrators

The default permissions granted to this group depend on the products you have (for example, if you have Jira products only, the group permissions will include only the Jira product permissions).

In Jira products:

  • the 'Jira Administrators' global permissions.

  • a member of the 'Administrators' project role, which allows members to edit project versions and manage project content (delete issues, comments, manage watchers).

In Confluence:

Users in the 'administrators' group have product access to Jira products, and therefore, require a Jira license. If you have users in the 'administrators' group that you don't need/want to take up a Jira license, you can create a new group, such as 'confluence-admins,' that you can use for admins that don't require a Jira license.

trusted-users-<id>

The users in this group have the Trusted role.

  • In Jira products:

    • the 'Jira Administrators' global permissions.

    • a member of the 'Administrators' project role, which allows members to edit project versions and manage project content (delete issues, comments, manage watchers).

  • In Confluence:

  • product user permissions.

  • the ability to invite users.

This group is not visible on the Groups page of your site. Users get added to this group when you set their role via the Role selector on the Invite users page or the user details page. This group is visible from the Jira and Confluence global permissions.

site-admins

Site-admins are the users who manage a site. The following permissions are currently available to site-admins:

  • All permissions assigned to the 'administrators' group for the product(s) you have

  • Access to user management (ability to create new users, assign users to groups, grant product access, etc.)

  • Access to billing information.

Users with this permission are considered site administrators for documentation and Support purposes, and they have access to all the products in the site

Jira products

jira-users

The 'Jira Users' and 'Bulk Change' global permissions.

  • 'Jira Users' allows users to log in to Jira

  • 'Bulk Change' allows users to bulk edit issues.

A member of the 'Users' project role, which allows members to see all project issues (unless protected by a security level) and create new issues.

jira-administrators

The same default permissions assigned to the 'administrators' group, for only Jira family of products.

  • the 'Jira Administrators' global permissions.

  • a member of the 'Administrators' project role, which allows members to edit project versions and manage project content (delete issues, comments, manage watchers).

Jira Software

jira-software-users

A member of the 'Users' project role, which allows members to see all project issues (unless protected by a security level) and create new issues.

Jira Service Management

service-desk-agents

Jira Service Management uses this group to manage license allocation. Users in this group count towards the Jira Service Management license.

Confluence

confluence-users

The permission to create and view Confluence content for the project, create personal and global spaces

Opsgenie

opsgenie-users

The permission to access the Opsgenie product, which may include creating and editing Opsgenie alerts and schedules.

Trello

trello-users-<enterprise_name>

The permission to access the Trello product and view the default workspace.

 

trello-users-<enterprise_name>

The permission to access the Trello product and manage user access to workspaces.

Learn about Trello Enterprise names

Statuspage

statuspage-users

The permission to access the Statuspage product and view any pages.

statuspage-adminstrators

The permission to access the Statuspage product and manage user access to pages.

The system-administrators group

There's a default group system-administrators used by Atlassian Support staff. You can't edit this group or add users to this group.

The 'sysadmin' user from this group can log in to your site to provide support to you and to perform certain system maintenance tasks. This user automatically has full product access but does not count towards your license limit, no matter which groups it is added to.

The account is only used by Atlassian. You may notice logins by this user even without having raised a support request. This is because certain types of system maintenance involve our automated systems performing tasks using this account.

Still need help?

The Atlassian Community is here for you.