App-level permissions
Contents: |
|---|
App-level (or global) permissions determine access to the app and its respective pages, and the scope of actions permitted users can carry out within the app.
Navigation and access
Only Jira and App Admins can access global security settings.
Click the App settings button.
Select Security from the dropdown.
You are now on the Administration > Security page.
App Security (page)
Permissions for everyone (toggle)
This toggle switch changes permissions in BigPicture only. It doesn't affect user permissions in Jira.
Toggle switched ON
When enabled, every logged-in Jira user has the same administrative level of access, which includes:
App Administration
Boxes and their content (depending on Jira permissions and security settings).
When the Permissions for everyone toggle is on, you can't assign global roles to individual users or Jira groups because all users have full access to manage the app and boxes.
Likewise, this toggle disables box-level security settings (security roles for box types are not affected).
App Security page | Box Security page |
|---|---|
 Global roles are grayed out. |  The box Security page is not available. |
The Permissions for everyone option is useful for small teams or when you're testing the app. It helps you quickly see how things work. But in a live environment, you may need more advanced access controls to keep things secure.
The Permissions for everyone option doesn't override Jira permission settings. If a user is not permitted to access a project in Jira, this option won't allow them to view it in BigPicture, either.
If you want your users to view and manage all boxes in BigPicture, ensure you have granted them the relevant permissions in Jira.
Toggle switched OFF
When the Permissions for everyone option is disabled, Jira/App Admins can manage global role permissions on the Administration > Security page. The security settings on the box configuration > Security page are also enabled.
Role permissions
There are three global security roles in BigPicture:
App Admin
App User
Resource Admin
App Admin
App Admins have full access to the App Configuration, App Administration, and every box and gadget. They can create new boxes and view and configure every existing box in the box hierarchy.
Jira Admins automatically get the App Admin role, but they do not show up in the App Administration > Security tab by default.
Only Jira Admins and App Admins can give the App Admin role to others.
Once a user is granted the App Admin role, they can set up the app and add other users to the App Admin role, even if they aren't Jira Admins.
When a Jira Admin grants someone the App Admin role, that user can manage the app and all boxes. Their name will appear under the App Admin role (Administration > Security) but not on the box configuration > Security pages.
App Security page | Box Security page |
|---|---|
 Claire Lee is listed as an App Admin under the global security roles. |  App Admins are not listed on the box Security page (unless specifically added here).
|
App User
The App User is the basic global role that allows Jira users to:
See BigPicture under Apps in Jira
Open BigPicture
Access to the app alone does not automatically grant access to individual boxes (even if the App User is permitted to view and/or manage a respective Jira project).
Important For that reason, to ensure users can benefit from using BigPicture, they must be granted:
App User role in BigPicture
project permissions in Jira
a box-level security role to view/manage respective boxes
BigPicture gadgets
Below, you can see how these permissions affect one another:
A Jira user was not assigned the App User role. As a result, they:
Can't see BigPicture under Jira’s Apps
A Jira user was assigned the App User role, but not a box-level security role to any of the boxes. As a result, they:
Can see BigPicture under Jira’s Apps
Can open BigPicture
Can't access any box data in BigPicture
Resource Admin
This role grants you access to and management of all resource-related pages within the app’s Administration section. The Resource Admin role builds upon the App User role, meaning that users with this role:
Have basic access to the app but cannot access the App Configuration.
Can access boxes based on individual box security settings (but they do not get access to all boxes like the App Admin).
Are allowed to administer resource-related global configuration on the resource Individual's details page (including all its subpages).
Can access the Administration page but not the Resources tab.
The App Financial Viewer and App Financial Admin are Financials module-specific roles.
Grant and manage global security roles
Global roles can be assigned to individual Jira users and Jira groups.
Jira and App Admins can grant global roles in BigPicture in the following ways:
On the Security page, expand the section with the security role you want to assign.
From the dropdown, under Users, select a Jira user or multiple users in one go; if you want to add a Jira group or groups to a specific role, select them from the list under Groups.
The roles are assigned, and you don't need to confirm it with any additional buttons.
Alternatively:
Click the +New assignment button.
A dialog appears. Select whether you want to assign a user or a group.
Next, select the global role from the list.
You can assign only one person or group at a time. To continue adding users and groups to the roles, check the Add another box.
Click the Assign button to finish the process.
Need support? Create a request with our support team.
Copyright © 2005 - 2025 Appfire | All rights reserved.