I am in general fond of JIRA Schemes - but not (always) the Permission Schemes, because in general permissions vary pretty much - even for quite similar projects; as similar projects often has a different set of users (and hence: permissions)

So I tend to extend the JIRA Roles pretty much in an (almost) 1:1 relation between JIRA Permissions and Roles.

The Standard Permission Scheme

Look more or less like this:

Create Roles for Standard Permissions

For these permissions, I create a Role for each permission in the Permission Scheme - sometimes with a little more descriptive name prefixed with "can":

JIRA PermissionRolename
Browse Project
View Development Tools
Assignable UserAssignableUsers
Assign IssuesCanAssignIssues
Close IssuesCanCloseIssues
Move IssueCanMoveIssues

Create a New Rolebased Permission Scheme

Create a "Rolebased Permission Scheme", and Add the Roles to the equivalent permission:

You can always include users,groups and others in the Permissions, if these ALWAYS should have that access, eg:

Add the "jira-administrators" group to the "Administer Projects" permission

Add the "Project Lead" to the "Browse Project","Assign Issues" etc etc to the "Browse project" permission

Add the "Current Assignee" and the "Reporter" to the "Edit Issues" permission

Until all (that You want) is added in the 1:1 relation:

Assign the Scheme to a Project

After the new Scheme is assigned to a project:

You can now assign users and groups directly to the project, making:

  • Overview / resolving of permission issues easier
  • Changing permissions for one project very easy/fast
  • Differentiating permissions on otherwise similar projects
  • You only have one (or few) Permission Schemes