Exam ACP-120 Topic 3 Question 39 Discussion

Since all company-managed projects share a single configuration (including permission schemes), permissions are applied uniformly across projects. Aproject roleis necessary when a requirement involves project-specific differences in user permissions, as roles allow membership to vary by project. The requirement thatonly some Compliance users can delete issues and they differ in each project(Option A) necessitates a project role, as it requires project-specific user assignments for theDelete Issuespermission.
* Explanation of the Correct Answer (Option A):
* The requirement states thatonly some Compliance users can delete issues, and the specific users differ in each project. In a shared permission scheme, permissions likeDelete Issuesare granted to users, groups, or project roles. Using a group would apply the same users across all projects, which does not allow for different users perproject. Aproject role(e.g., "Compliance Deleters") can be added to theDelete Issuespermission in the shared permission scheme, and different Compliance users can be added to this role in each project'sProject settings > People, accommodating the project-specific variation.
* Exact Extract from Documentation:
Manage project roles
Project roles allow permissions to be granted to different users in each project, even with a shared permission scheme.
To configure:
* Create a new project role inSettings > System > Project roles(e.g., "Compliance Deleters").
* Add the role to a permission (e.g.,Delete Issues) in the permission scheme (Settings > Issues > Permission schemes).
* Add users to the role in each project'sProject settings > People.Example: GrantDelete Issuesto the "Compliance Deleters" role, then assign different users to the role in each project.Note: Project roles are ideal for permissions that vary by project while maintaining a shared scheme.(Source: Atlassian Support Documentation, "Manage project roles")
* Why This Fits: A project role allows different Compliance users to have theDelete Issues permission in each project, satisfying the requirement for project-specific variation while keeping the shared configuration, making Option A the correct answer.
* Why Other Options Are Incorrect:
* All members need to be able to move issues (Option B):
* TheMove Issuespermission can be granted to all Compliance users via a group (e.g.,
"Compliance Team") in the shared permission scheme. Since the requirement applies uniformly to all members across all projects, a project role is not necessary, as there is no project-specific variation.
* Extract from Documentation:
Permissions likeMove Issuescan be granted to a group in a shared permission scheme, applying to all projects without needing project-specific roles.
(Source: Atlassian Support Documentation, "Manage permissions in Jira Cloud")
* Only two Compliance users should be able to see secured issues (Option C):
* Secured issues are managed by anissue security scheme, where security levels define who can view issues (e.g., specific users, groups, or roles). To allow only two Compliance users to see secured issues, you can create a security level listing those two users explicitly or a group containing only them. This does not require a project role, as the same two users apply across all projects, and security levels are part of the shared configuration.
* Extract from Documentation:
Issue security levels can specify individual users or groups to restrict visibility. Project roles are not required unless visibility varies by project.
(Source: Atlassian Support Documentation, "Configure issue security schemes")
* Only some Compliance users need to create shared dashboards (Option D):
* Creating shared dashboards requires theShare dashboards and filtersglobal permission, not a project-level permission. This can be granted to a group containing the relevant Compliance users inSettings > System > Global permissions. Since this is a global permission, it does not vary by project and does not require a project role.
* Extract from Documentation:
TheShare dashboards and filtersglobal permission allows users to share dashboards. It is grantedglobally, not via project roles.
(Source: Atlassian Support Documentation, "Manage global permissions")
* Additional Notes:
* Steps to configure Option A:
* Create a "Compliance Deleters" project role inSettings > System > Project roles.
* Add the role to theDelete Issuespermission in the shared permission scheme (Settings > Issues > Permission schemes).
* For each project, add the appropriate Compliance users to the "Compliance Deleters" role inProject settings > People.
* This configuration requiresJira administratorprivileges to create the role and modify the permission scheme, but project admins can manage role membership.
* The shared configuration (permission scheme, etc.) is preserved, as the project role integrates seamlessly.
:
Atlassian Support Documentation:Manage project roles
Atlassian Support Documentation:Manage permissions in Jira Cloud
Atlassian Support Documentation:Configure issue security schemes
Atlassian Support Documentation:Manage global permissions