User Roles & Permissions

This page explains how User Manager & License Optimizer works with Atlassian Cloud roles, who can use the app, and what each role means across Jira, Confluence, and Jira Service Management (JSM).

How permissions work

The app lives inside Jira and connects with your Organization Admin API key for a single, unified control plane.

Who can use the app:
Organization Admins, Product Admins (aka App admins / Product access admins), and User Access Admins - when allowed in App Access Control.
Who cannot use the app: All other roles (e.g., Site Admin, Project Admin, Space Admin, Guest, Customer, Stakeholder, Contributor, Basic, standard User) have no app access.
Critical note: Once you grant access to Product Admins or User Access Admins, they get full organization-wide capabilities inside the app (users, groups, bulk changes, tasks). The app does not restrict them to a product- or site-only scope.
Jira access required: User Access Admins must also have Jira product access; otherwise they can’t open the app UI.

Atlassian Cloud admin roles (platform)

Role	What it is	Typical scope in Atlassian	App access?
Organization Admin	Highest admin role; manages users, groups, apps, org-wide security & policies at admin.atlassian.com.	Org-wide	Yes
Site Admin	Administers a specific site (not the whole org).	Per-site	No
User Access Admin	Manages how people get access to Atlassian apps (user/app access lifecycle).	App level (access)	Yes (needs Jira access)
Product Admin (a.k.a. App admin / Product access admin)	Admin for a specific Atlassian product (e.g., Jira, Confluence).	App level	Yes (when allowed)

References: Atlassian’s admin-role definitions and capabilities.

Why no Site Admin? Atlassian recently clarified platform roles across the centralized user management experience. Site Admin remains site-scoped. The Atlassian management of site admins is not reflected in groups anymore and that's why our app can't manage it properly. In the future, we will provide access to site admins too.

Product-aligned roles you’ll see in directories & projects

Many entries in “User Roles” come from specific products. These roles do not grant access to this app, but you’ll commonly use them when managing access elsewhere.

Confluence

User - Licensed team member working on Confluence Pages
Guest - External, single-space collaborators; very limited, free seat type. Good for vendors/partners.
Space Admin - Administers a specific space (permissions, structure). Not visible in the User Management and License Optimizer.

Jira Service Management (JSM)

Customer - Portal-only user; no Jira license; submits/reads requests via help center.
User (Agent) - Licensed team member working tickets (queues, SLAs, comments).
Stakeholder - Visibility/updates on incidents; free on Premium/Enterprise (license rules vary by plan).

Jira Product Discovery (JPD)

User (Creator) - Paid role; full project capabilities incl. fields/views, admin.
Contributor - Free; create ideas if enabled.

Compass

Basic - Non-billable catalog consumers with limited capabilities; unlimited basic users.
User - billable user with access to all Compass features available in your plan.

Feature-to-role requirements (inside the app)

App Feature	Minimum role that can use the app	Notes
User Browser	Product Admin / User Access Admin / Org Admin	User Access Admins must also have Jira access.
Bulk Operations	Product Admin / User Access Admin / Org Admin	Executes org-wide when run in app.
Automated Tasks	Product Admin / User Access Admin / Org Admin	Org-scoped when configured in app.
Global Settings	Organization Admin	API key management & guardrails.

Security implications (read before granting)

Granting Product Admin or User Access Admin app access effectively elevates them to org-wide powers within this app (users, groups, bulk ops, tasks).
The app does not re-apply native Atlassian scoping limits (e.g., “product-only” or “site-only” boundaries) once access is granted.
Prefer least privilege: only enable these toggles for trusted admins; review access regularly via App Access Control.