Permission questions and scenarios
Question | I want to provide general user management to my IT group, but how do I restrict access to sensitive projects and project groups? |
Answer | Assign the user admin role. This role is limited to viewing and administering project-level permissions on projects only where they are a project admin. They can still create users, deactivate existing users, manage their participation in organization groups, and configure licenses. |
Question | Can a user admin grant themselves or others the process role or organization admin role? Can they change their own permissions? |
Answer | No, only an organization admin can set the org and process roles. A user admin must be a project admin to adjust permissions to a project. If they remove their own project admin role, they no longer have access to that project’s permissions. |
Question | Why aren’t there any options to override permissions on certain users or groups? |
Answer | This restriction controls visibility and access across projects that might belong to different divisions or contains sensitive information that you don’t want exposed to all users. If you want your user admin (user or group) to have access to all projects and project groups, assign the project admin role at the organization level. |
Question | Why can’t my user admin see all groups where a user is assigned? |
Answer | By default, user admins can’t access all projects. The user must be a project admin to access the groups for that project. |
Question | Why can’t my user admin manage the membership in an organization group? |
Answer | User admins can only provide access to projects they can access. To access a project, they must be a member of that project's organization group. When they aren't a member of the organization group, the project isn't visible to them, so they can't provide access. |
Question | Why am I getting “no permissions” error when I try to add a user to a group? |
Answer | The group might have permission to access projects that you don’t. |
Question | Why can’t my process admin see all projects when assigning relationship rules? |
Answer | A project might contain sensitive information, so access is restricted. The list of projects shows only projects where the process admin is also a project admin. If you want your process admin (user or group) to have access to all projects and project groups, assign the project admin role at the organization level. |
Question | Is there a way to limit the item types that a process admin is able to see? |
Answer | Not at this time. This is a future option under consideration. |
Question | I just made a user an organization admin. Why can’t the user access certain projects? |
Answer | The option to override an organization admin’s access is no longer available. To avoid confusion, remove any overrides on organization admin users/groups that you made in the past. |
Question | Does the process admin have access to all projects and users? |
Answer | Process admins only have access to the projects where they are a project admin. They do have access to users and organization groups for assigned workflow transitions. |
Question | The @mention feature isn’t working for my users, regardless of project permissions on the Stream page. |
Answer | The top-level option to create comments has a new configuration that disables this option by default. Context-free comments (not made from a project or item) created confusion and exposed users and groups to all system users. The @mention from the Stream page is now limited to include only users and groups that align with the commenter’s project permissions. This change tightens security and eliminates accidental exposure of users or groups. |
Question | As a project admin, why can’t I add users to my project if they are in the same system? |
Answer | Your organization has configured the settings for Jama Connect to restrict project admins’ visibility of users and groups to only their project’s permissions. If you want your project admins to have access to all users and groups, your organization admin can configure the setting on the Organization Detail page. |
Question | I’ve given a user with read/write permissions access to a set in my project, but they still can’t see the project. |
Answer | Permissions must first be set on the project. Once the user has read or read/write permissions to the project, they can access the set. You can provide or remove permissions to other sets or components in the project to modify access. |
Question | I removed a user’s access to a component. Why can they still see it? |
Answer | Users receive the highest level of rights assigned to them. If a user is part of a group that has permissions to a component, you can make one of the following changes:
|