Command security controls the actions users in security groups can access. A user can only perform actions for commands enabled in the group they are in.
Note: Security groups also have field security to limit the information users can view and change in items and workflow events. See Field security.
When configuring security groups, only enable commands for actions users need to perform based on their roles and responsibilities. This reduces the potential for users to accidentally modify data or settings they should not have access to. For example, you can enable the Add Issues, Edit Issues, and View Issues commands to let users work with issues. You can also disable the Delete Issues, Edit Closed Issues, and Edit Locked Issues commands to prevent users from changing issues in specific workflow states or removing issues from the project.
Keep the following in mind when configuring command security.
- Most users do not need access to commands in the Administration category. Only enable these commands in the group that includes users who manage parts of the project.
- The Edit Security Groups and See Security Tabs commands in the Security Groups category must be enabled for at least one group. You cannot remove yourself as a user from a group with these commands enabled because at least one user must have permission to perform these administrative tasks.
See Security commands for the available security commands and actions they provide access to.
Tip: As you work with security groups, you can use security group comparison reports to review permissions set for groups and compare settings between them. See Adding security group comparison reports.