YouTrack Permissions
A permission is an authorization granted to a user to perform particular operations. Permissions are granted to a user within a role, but not directly.
A role is a set of permissions which defines the level of access for a user to particular functionality and operations.
All permissions are divided into two categories:
Global permissions are granted within YouTrack's global scope and do not depend on a specific project. For example, you can't grant permission to create users in a single project, you can do it only in the system-wide scope. Global permissions are marked with a global badge in the permissions list.
Per-project permissions allow actions related to a specific project. For example, a role with the Read Project Basic permission grants users and groups access to view project properties and content for a specific project. If these users don't have the Read Project Basic permission for other projects in YouTrack, they don't have access to them.
The permissions listed on this page grant access to work with the entities that are managed in the YouTrack service. The permissions are grouped by the entity that they provide access to in YouTrack.
For a list of permissions that are used by the built-in Hub service to regulate access to administrative actions, see Hub Permissions.
Inherent Permissions
When you have permission to create something in YouTrack, you inherit the permission to read and update your own content. You still require explicit permission to read and update content that was posted by other users. This behavior applies to issue reporters, commenters, and work authors.
Issue reporters always have permission to view public fields, update public fields, and add links to the issues that they created. This means that users who are granted the Create Issue permission in a project can perform these actions with the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions.
However, users can't delete their own issues without the Delete Issue permission.
Users who have the Create Comment permission inherit the permission to read and update their own comments, even when they don't have Read Comment and Update Comment permissions.
Users with the Create Work Item permission inherit the permission to read and update their own work items, even when they don't have Read Work Item and Update Work Item permissions.
This also applies to users who have the Add Attachment permission. Users who attach files to an issue inherit the ability to modify these files and restrict their visibility without the Update Attachment permission.
Article
| Permission | Description |
|---|---|
| Create Article | Add articles to the knowledge base for a specific project. |
| Delete Article | Delete articles from the knowledge base in a specific project. |
| Read Article | View articles and article content in the knowledge base for a specific project. Note that users are only able to view articles in projects where they have the Read Project Basic permission. |
| Update Article | Edit existing articles in the knowledge base for a specific project. |
Article Comment
| Permission | Description |
|---|---|
| Create Article Comment | Add comments to existing articles in the knowledge base for a specific project. Users with this permission can edit or delete their own comments as well. |
| Delete Article Comment | Delete comments that have been posted to articles in the knowledge base for a specific project. This includes comments that were posted by other users. |
| Read Article Comment | View comments that have been posted to articles in the knowledge base for a specific project. |
| Update Article Comment | Edit comments that have been posted to articles in the knowledge base for a specific project. This includes comments that were posted by other users. |
Issue
| Permission | Description |
|---|---|
| Apply Commands Silently | Update issue attributes using a command without sending update notification messages to users who subscribe to issue updates. |
| Create Issue | Create (report) issues in a project. Users with this permission can view public fields, update public fields, and add links to the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions. Implies Read Project Basic. |
| Delete Issue | Delete issues. |
| Link Issues | Add links that define relationships between issues. Users with the Create Issue permission inherit the permission to add links to their own issues whether they are granted this permission or not. However, they can only add links to issues that they have permission to read. |
| Override Visibility Restrictions | View issues, comments, and attachments that are hidden by visibility settings. |
| Read Issue | View issues and read public fields. Users with the Create Issue permission inherit the permission to read their own issues whether they are granted this permission or not. Implies Read Project Basic. |
| Read Issue Private Fields | View private fields in issues. Implies Read Project Basic. |
| Update Issue | Update the values for public fields in issues. Users with the Create Issue permission inherit the permission to update their own issues whether they are granted this permission or not. |
| Update Issue Private Fields | Update the values for private fields in issues. Implies Read Issue Private Fields. |
| Update Watchers | Add other users to the list of watchers for an issue. |
| View Voters | View the list of users who have voted for an issue (available in single issue view). Implies Read Project Basic. |
| View Watchers | View the list of users who are watching an issue (available in single issue view). Implies Read Project Basic. |
Issue Attachment
| Permission | Description |
|---|---|
| Add Attachment | Attach files to issues. |
| Delete Attachment | Delete any file that is attached to an issue. All users can delete the files that they attached to issues themselves even when they are not explicitly granted this permission. |
| Update Attachment | Modify files attached to issues and restrict attachment visibility. All users can update visibility settings for the files that they attached to issues themselves even when they are not explicitly granted this permission. |
Issue Comment
| Permission | Description |
|---|---|
| Create Issue Comment | Add comments to issues. Users with this permission inherit the permission to read and update their own comments, even when they don't have Read Comment and Update Comment permissions. |
| Delete Issue Comment | Delete comments that they have added to issues. |
| Delete Not Own and Permanent Comment Delete | Delete comments that were added to issues by other users and delete comments permanently. Implies Read Comment. |
| Read Issue Comment | View comments that have been added to issues. Users with the Create Comment permission inherit the permission to view their own comments whether they are granted this permission or not. |
| Update Issue Comment | Edit comments that they have added to issues. |
| Update Not Own Issue Comment | Edit comments that were added to issues by other users. Implies Read Comment. |
Issue Work Item
| Permission | Description |
|---|---|
| Create Not Own Work Item | Create work items and set another user as the work author. Implies Create Work Item. |
| Create Work Item | Add work items to issues. Users with this permission inherit the permission to read and update their own work items, even when they don't have Read Work Item and Update Work Item permissions. |
| Read Work Item | View the list of work items in an issue. Users with the Create Work Item permission inherit the permission to read their own work items whether they are granted this permission or not. |
| Update Not Own Work Item | Edit work items created by other users. Also grants permission to create work items on behalf of other users. Implies Read Work Item and Update Work Item. |
| Update Work Item | Add and edit work items to an issue. Users with the Create Work Item permission inherit the permission to update their own work items whether they are granted this permission or not. |
Report
| Permission | Description |
|---|---|
| Create Report | Create reports that present data from issues in a project. Implies Read Report. |
| Read Report | View reports that present date from issues in a project. |
| Share Report | Update the settings that allow members of specific groups to view and use a report or edit the report settings. Implies Read Report. |
Watch Folder
| Permission | Description |
|---|---|
| Create Tag or Saved Search | Create tags and saved searches. |
| Delete Tag or Saved Search | Delete the tags and saved searches that they have created. |
| Edit Tag or Saved Search | Edit the tags and saved searches that they have created. Allows users to edit tags and saved searches if the user is a member of the group that is allowed to edit the tag or saved search. |
| Share Tag, Saved Search, or Agile Board | Update settings that give other users the ability to view, use, or edit tags, saved searches, and agile boards. |