This site is moving soon to become part of an integrated Appfire documentation and information site for our apps. This site will remain available during the transition to our new and improved site. Once this site is moved over, this banner will be updated with the new site link for easy access.

Take a look here! If you have any questions please email support@appfire.com

Permission systems interaction

Owned by Maksym Mazur (Deactivated)
Aug 07, 2023
2 min read


OKR for Jira has three separate access management planes.
This article will focus on interactions between these systems, so your configured permission model behaves as you expect it to.

Short summary for the three access management systems

  • Jira Global Permissions are used to grant basic\admin priviledges from Jira plane.
    All users will have View and modify OKRs global permission to use the app.
    Several admins will have Administer data of OKRs for Jira global permission to get almost full access to all app functionality. (see table below)

  • In-app permissions are used for precise access control. You can assign privileges to users and groups. You also can grant special privileges for Owners, Collaborators and Managers of respective OKRs.
    This should be your main mechanism for configuring your user access.
    All users can view any of the OKRs by default, and you can not revoke this privilege.

  • Restrictions are used when you want to hide or limit edit access to specific Objectives and Key Results.
    This is the way to conceal Objectives\Key Results from unpriviledged users.


Key interactions between mentioned systems

  • Only users who were explicitly set on Restricted OKRs can see\edit that OKR.
    Administer data of OKRs for Jira global permission or Admin in-app permission do not grant the ability to view or edit Restricted OKRs. Also contextual permissions for Owners, Managers and Collaborators does not override Restrictions.

  • Administer data of OKRs for Jira global permission overrides all in-app permissions, granting full app access (with the exception of Restricted OKRs as mentioned above)

  • In case of a user having only View and modify OKRs global permission, and no Restriction configured, user’s available actions depend on in-app permission.

  • To use ‘OKR for Jira’ application you need View and modify OKRs or Administer data of OKRs for Jira global permission. If user has none of the above permissions - they will not be able to access application.