Configuring the advanced setup

This page is about OKR for Jira Cloud. Using Data Center? Click here.

Advanced setup allows you to precisely define the permissions of specific users or groups. Click Configure advanced setup to start selecting roles and permissions, as well as assigning permissions.

Users always have the highest set of permissions applied. This means that if someone holds an Admin role but is also assigned to another role or is an OKR Owner, they will still have full access as long as they remain in the Admin role.

image-20240216-223341.png

1. Global roles

These roles form the basis on which you establish the role setup. By default, there are two roles: Admin (with all privileges) and Viewer (with permission to only view OKRs).

The default role is initially set to Admin, but you can modify this default setting. Additionally, you have the option to create your own global roles. Global roles apply to all OKRs; for instance, users assigned to a global role with permission to delete OKRs could delete any OKR.

Screen Shot 2024-02-15 at 14.58.10.png
Click + Add a custom role to create a new role.

Once a new global role is added, it will also appear in the Permissions section. This allows you to choose which permissions should be included in the role.

2. OKR ownership-based roles

These roles are valuable additions to the global roles that support the OKR process within the company. When a global role is assigned, it allows for adding additional permissions specifically related to the OKRs owned, collaborated on, or managed by particular individuals.

For instance, if a Viewer role is designated as the default role and OKR ownership-based roles are activated, only individuals actively involved (assigned in any way) to the OKR would have additional permissions related to them. Others would only be able to view the OKRs.

You can decide which roles to keep (by toggling them on/off) and what permissions should belong to the roles. Determine which permissions should be included in the role within the Permissions section of the page.

3. Permissions

This section explores the different access control systems in OKR for Jira and how they work together to ensure your desired permission model.

Changes in Permissions are saved automatically and applied instantly.

OKR for Jira has three separate access management planes:

Three access management systems:

Jira global permissions

These govern basic and administrative privileges within the Jira platform. All users will have View and modify OKRs global permission to use the app. Several admins will have Administer data of OKRs for Jira global permission to get almost full access to all app functionality.

In-app permissions

These provide granular access control within the OKR app. You can assign privileges to users and groups. You can also grant special privileges to owners, collaborators, and managers of respective OKRs. This should be your primary method for configuring user access. By default, all users can view any of the OKRs, and you cannot revoke this privilege.

Restrictions

These are used when you want to hide or limit edit access to specific Objectives and Key Results. This is how you can conceal Objectives or Key Results from unprivileged users. For more details, click here.

Key interactions between the systems:

  • Only users who were explicitly set on Restricted OKRs can see and edit that OKR. The Administer data of OKRs for Jira global permission or Admin in-app permission do not grant the ability to view or edit Restricted OKRs. Additionally, contextual permissions for Owners, Managers, and Collaborators do not override Restrictions.

  • The Administer data of OKRs for Jira global permission overrides all in-app permissions, granting full app access (except for Restricted OKRs, as mentioned above).

  • In the event that a user only has the View and modify OKRs global permission, without any Restrictions configured, the user's available actions will depend on their in-app permissions.

  • To use the OKR for Jira app, you need either the View and modify OKRs or the Administer data of OKRs for Jira global permission. If a user does not have either of these permissions, they cannot access the application.