Understand default groups

Which user management experience do you have?

Go to Atlassian Administration. Select your organization if you have more than one. You can identify which user management experience you have by checking where your Users page is located.

Centralized	Original
In Atlassian Administration, Users is located in Directory.	In Atlassian Administration, Users is located in Apps > `{site}`.

We’ll note any differences between user management experiences throughout this page.

Users are automatically placed in default groups when you give them access to a cloud app or assign them a new app role. A default group is the main group that grants an app role.

When you add an app to your organization, we create a default group for each app role. You can change what the default group is for a role, but a role must have at least one default group.

Example

Confluence on a site called Vitafleet comes with the default groups confluence-users-vitafleet and confluence-admins-vitafleet for the User and App admin roles, respectively. When someone is added to Confluence, they’re automatically added to the confluence-users-vitafleet group.

Find the default group for a role

Who can do this?
Role: Organization admin
Atlassian Cloud: All plans
Atlassian Government Cloud: Available

To find the default group for a role:

Go to Atlassian Administration. Select your organization if you have more than one.
Select Apps.
This step depends on your user management experience:
1. Centralized: Select Manage App for the app that the role belongs to. Default groups are indicated with a checkmark in the Default group column.
2. Original: Select more actions (•••) for the app that the role belongs to, then select View App. Default groups are labelled with Default access group.

Change the default group for a role

To change the default group for a role, assign the role to a new group first. How to create a group

Who can do this?
Role: Organization admin
Atlassian Cloud: All plans
Atlassian Government Cloud: Available

To change the default group for a role if you have the centralized user management experience:

Go to Atlassian Administration. Select your organization if you have more than one.
Select Apps.
Select Manage App for the app that the role belongs to.
Find the group you want to make the new default group, then select more actions (•••).
Select Update default group setting.
Select the role this group should be the default group for. A group can only be the default group for one role at a time.
Select Update. This group is now the default group for the selected role.
To remove the previous group as a default group, select more actions (•••) for that group, then select Update default group setting. Select None, then select Update. This doesn’t affect the group members or access.

To change the default group for a role if you have the original user management experience:

Go to Atlassian Administration. Select your organization if you have more than one.
Select Apps.
Select more actions (•••) for the app that the role belongs to, then select View App.
Find the group you want to make the new default group, then select more actions (•••).
Select Make this group default. You’ll need to reload the page to see a default group label.
To remove the previous group as a default group, select more actions (•••) for that group, then select Don’t make this group default. You’ll need to reload the page for the default group label to disappear. This doesn’t affect the group members or access.

Default groups for each app

The default groups created in your organization depend on when you added an app to your organization. If an admin changed or renamed your default groups, they may not match the default groups listed.

Apps added after August 2021

App	Default groups	Description
Organization groups	`org-admins` or `site-admins`	Contains users who manage all your sites and the organization. The following default permissions are available for: All permissions assigned to the 'administrators' group for the apps you have. Access to user management (ability to create new users, assign users to groups, grant app access, etc.). Access to billing information. Access to all organization-level settings. Access to all site level settings. Access to all the apps in the site. Users with these permissions are considered organization administrators for documentation and support purposes.
Organization groups	`{app}-user-access-admins-{site}`	Assigns members the ‘user access admin’ role, which allows users to manage access to the app they administer. Each app has their own group, so you may have multiple user access admin groups. This group does not grant app access and members of this group won’t count towards your bill (unless the user holds another billable role).
Jira	`jira-users-{site}`	Grants access to the Jira under <site-name>. Assigns all members the ‘users’ project role, which allows members to see all project issues (unless protected by a security level) and create new issues.
Jira Software	`jira-software-users-{site}`	Grants access to the Jira Software app under <site-name>. Assigns all members the 'users' project role, which allows members to see all project issues (unless protected by a security level) and create new issues.
Jira Service Management	`jira-servicemanagement-users-{site}`	Manages license allocation for Jira Service Management. Members of this group count towards the Jira Service Management license.
Jira Service Management	`jira-servicemanagement-customers-{site}`	Members of this group can visit your help center, submit help requests, and view articles under <site name>. It does not allow members to access Jira Service Management as an agent. Members of this group won’t count towards your bill (unless the user holds another billable role).
Jira Work Management	`jira-workmgmt-users-{site}`	Grants access to the Jira Work Management app under <site-name>. Assigns all members the ‘users’ project role, which allows members to see all project issues (unless protected by a security level) and create new issues.
Jira Administration	`jira-admins-{site}`	The default permissions granted to this group depend on the apps you have. For example, if you have Jira apps only, the group permissions will include only the Jira app permissions. In Jira apps: The ‘Jira Administrators’ global permissions. A member of the ‘administrators’ project role, which allows members to edit project versions and manage project content (delete issues, comments, and manage watchers).
Confluence	`confluence-users-{site}`	Assigns the global permission to create and view Confluence content for the project, and create personal and global spaces.
	`confluence-admins-{site}`	This group has the 'Confluence administrator' global permission. Confluence admins are granted the ‘confluence-users’ default permissions. Users in the 'administrators' group have app access to Jira family of apps, and therefore, require a Jira family license. If you have users in the 'administrators' group that you don't need/want to take up a Jira family license, you can create a new group, such as 'confluence-admins,' that you can use for admins that don't require a Jira family license.
	`confluence-guests-{site}`	Gives access to view Confluence pages under <site name>. Assigns all members the ‘guest’ role, which gives users limited access to one space at a time (assigned by an admin). What can guests see and do in Confluence?
Opsgenie	`opsgenie-users-{site}`	The permission to access the Opsgenie app, which may include creating and editing Opsgenie alerts and schedules.
Statuspage	`statuspage-users-{site}`	The permission to access the Statuspage app and view any pages.
Statuspage	`statuspage-admins-{site}`	The permission to access the Statuspage app and manage user access to pages.
Trello	`trello-users-{enterprise-name}`	The permission to access the Trello app and view the default workspace.
Trello	`trello-admins-{enterprise-name}`	The permission to access the Trello app and manage user access to workspaces.
Bitbucket	`bitbucket-users-{enterprise-name}`	The permission to access the Bitbucket app and view the default workspace.
	`bitbucket-admins-{enterprise-name}`	The permission to access the Bitbucket app and manage user access to workspaces.
	`bitbucket-user-access-admins-{enterprise-name}`	The permission to view users in the Bitbucket app and configure user access settings.
Guard Detect	`guard-detect-users-{site}`	This group is not currently in use and grants no permissions to use Guard Detect.
Guard Detect	`guard-detect-admins-{site}`	The permission to use Guard Detect which includes the ability to view user activity and content scanning alerts and actor profile information related to those alerts. Note: Although the group name includes a sitename, Guard Detect generates alerts for Atlassian Administration and all eligible apps in your instance, not just the apps in the site that Guard Detect is attached to.

Apps added before August 2021

App	Default groups	Description
Site groups	`users`	For instances created before February 2014, this was the default group that new users were added to. In instances created after that date, all new users will be added to the '[app]-users' group for the app(s) they have access to instead of the 'users' group. The default permissions granted to this group depend on the apps you have in your service (for example, if you have Jira apps only, the group permissions will include only the Jira app permissions). In Jira apps: the 'Jira Users' and 'Bulk Change' global permissions. 'Jira Users' allows users to log in to Jira 'Bulk Change' allows users to bulk edit issues. a member of the 'users' project role, which allows members to see all project issues (unless protected by a security level or a custom project permission scheme) and create new issues. In Confluence: the permission to create and view Confluence content for the project, create personal and global spaces
Site groups	`jira-developers`	In Jira apps: the 'Browse Users', 'Create Shared Filter' and 'Manage Group Filter Subscriptions' global permissions in Jira. a member of the 'Developers' project role, which allows members to edit, move, assign, be assigned, link, work on, resolve and close issues. Typically, you add users who work on issues to this group. You can add users to this group from the Users page. This group is named 'developers' in Jira instances created earlier than February 2014.
	`administrators`	The default permissions granted to this group depend on the apps you have (for example, if you have Jira apps only, the group permissions will include only the Jira app permissions). In Jira apps: the 'Jira Administrators' global permissions. a member of the 'Administrators' project role, which allows members to edit project versions and manage project content (delete issues, comments, manage watchers). In Confluence: the 'Confluence Administrator' global permissions Users in the 'administrators' group have app access to Jira apps, and therefore, require a Jira license. If you have users in the 'administrators' group that you don't need/want to take up a Jira license, you can create a new group, such as 'confluence-admins,' that you can use for admins that don't require a Jira license.
	`trusted-users-{site}`	Users in this group were previously trusted users. This role no longer exists.
	`site-admins`	Site-admins are the users who manage a site. The following permissions are currently available to site-admins: All permissions assigned to the 'administrators' group for the app(s) you have Access to user management (ability to create new users, assign users to groups, grant app access, etc.) Access to billing information. Users with this permission are considered site administrators for documentation and Support purposes, and they have access to all the apps in the site.
Jira apps	`jira-users`	The 'Jira Users' and 'Bulk Change' global permissions. 'Jira Users' allows users to log in to Jira 'Bulk Change' allows users to bulk edit issues. A member of the 'Users' project role, which allows members to see all project issues (unless protected by a security level) and create new issues.
Jira apps	`jira-administrators`	The same default permissions assigned to the 'administrators' group, for only Jira family of apps. the 'Jira Administrators' global permissions. a member of the 'Administrators' project role, which allows members to edit project versions and manage project content (delete issues, comments, manage watchers).
Jira Software	`jira-software-users`	A member of the 'Users' project role, which allows members to see all project issues (unless protected by a security level) and create new issues.
Jira Service Management	`service-desk-agents`	Jira Service Management uses this group to manage license allocation. Users in this group count towards the Jira Service Management license. the 'Jira Service Desk agent access' global permission
Confluence	`confluence-users`	The permission to create and view Confluence content for the project, create personal and global spaces
Opsgenie	`opsgenie-users`	The permission to access the Opsgenie app, which may include creating and editing Opsgenie alerts and schedules.
Trello	`trello-users-{enterprise-name}`	The permission to access the Trello app and view the default workspace.
	`trello-admins-{enterprise-name}`	The permission to access the Trello app and manage user access to workspaces. Learn about Trello Enterprise names
Statuspage	`statuspage-users`	The permission to access the Statuspage app and view any pages.
Statuspage	`statuspage-adminstrators`	The permission to access the Statuspage app and manage user access to pages.

System-administrators group

There’s a default group used by Atlassian Support called system-administrators. You can’t edit or add users to this group.

The “sysadmin” account in this group is only used by Atlassian to log in to your organization to provide support to you or perform certain system maintenance tasks. This user has full app access, but does not count towards your license limit, no matter which groups it is added to. You may notice logins by this user, even when you don’t have a support request. This is because certain types of system maintenance involve our automated systems performing tasks using this account.

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community