YouTrack Permissions
A permission is an authorization granted to a user to perform an action. Permissions are granted to a user within a role, but not directly.
A role is a set of permissions that defines the level of access for a user to particular functionality and operations.
All permissions are divided into two categories:
Global permissions are granted within YouTrack's global scope and do not depend on a specific project. For example, you can't grant permission to create users in a single project, you can do it only in the system-wide scope. Global permissions are marked with a global badge in the permissions list.
Per-project permissions allow actions related to a specific project. For example, a role with the Read Project Basic permission grants users and groups access to view project properties and content for a specific project. If these users don't have the Read Project Basic permission for other projects in YouTrack, they don't have access to them.
The permissions listed on this page grant access to work with the entities that are managed in YouTrack.
Inherent Permissions
When you have permission to create something in YouTrack, you inherit the permission to read your own content. Separate permissions are required to update your own comments and work items, but not your own issues. You also require explicit permission to read and update content that was posted by other users.
Issue reporters always have permission to view public fields, update public fields, and add links to the issues that they created. This means that users who are granted the Create Issue permission in a project can perform these actions with the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions.
This also applies to users who have the Add Attachment permission. Users who attach files to an issue inherit the ability to modify these files and restrict their visibility without the Update Attachment permission.
However, users can't delete their own issues without the Delete Issue permission.
Users who have the Create Issue Comment permission inherit the permission to read their own comments, even when they don't have the Read Issue Comment permission. The ability to edit your own comments requires the Update Issue Comment permission.
Users with the Create Work Item permission inherit the permission to read their own work items, even when they don't have the Read Work Item permission. The ability to edit your own work item requires the Update Work Item permission.
For articles in the knowledge base, users with the Create Article Comment permission inherit the permission to read and update their own comments, even when they don't have the Update Article Comment permission. The Create Article Comment implicitly grants the Read Article Comment permission.
Implied and Dependent Permissions
Implicit links connect permissions where actions that are granted by one permission are technically impossible without the other. This approach makes it easier to define custom roles with the appropriate access rights.
When you add a permission with implied permissions to a role, the implied permissions are added to the role automatically.
When you remove a permission with dependent permissions to a role, the dependent permissions are removed from the role automatically.
For example, the Read Project Basic permission (from the Hub service) is automatically added to a role when you add either Read Issue or Create Issue permission from the YouTrack service. It's technically impossible to view or create issues without being able to read basic project properties like the project name and project ID, so the Read Project Basic permission is granted implicitly.
To view the sets of implied and dependent permissions, select a permission and open the Details panel in the sidebar.
System
The following permissions are not related to specific entities in the system. These permissions are available at the global level.
Permission | Description |
|---|---|
Low-level Admin Read | Read-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics. |
Low-level Admin Write | Manage low-level administrative actions. Includes permission to integrate with third-party services and back up the database. Implies Low-level Admin Read. |
Article
Permission | Description |
|---|---|
Create Article | Add articles to the knowledge base for a specific project. Implies Read Article. |
Delete Article | Delete articles from the knowledge base in a specific project. Implies Read Article. |
Read Article | View articles and article content in the knowledge base for a specific project. Note that users are only able to view articles in projects where they have the Read Project Basic permission. |
Update Article | Edit existing articles in the knowledge base for a specific project. Implies Read Article. |
Article Comment
Permission | Description |
|---|---|
Create Article Comment | Add comments to existing articles in the knowledge base for a specific project. Implies Read Article Comment. Users with this permission can edit or delete their own comments as well. |
Delete Article Comment | Delete comments that have been posted to articles in the knowledge base for a specific project. This includes comments that were posted by other users. Implies Read Article Comment. |
Read Article Comment | View comments that have been posted to articles in the knowledge base for a specific project. |
Update Article Comment | Edit comments that have been posted to articles in the knowledge base for a specific project. This includes comments that were posted by other users. Implies Read Article Comment. |
Group
The following permissions grant access to group-related actions. Groups are used as resources in a project. These permissions are all available at the per-project level.
Permission | Description |
|---|---|
Create Group | Create new groups. |
Delete Group | Delete groups. Implies Read Group. |
Read Group | View the list of groups and read group properties. When combined with other permissions, the following access rights are granted:
|
Update Group | Edit group properties. When combined with other permissions, the following access rights are granted:
Implies Read Group. |
Issue
Permission | Description |
|---|---|
Apply Commands Silently | Update issue attributes using a command without sending update notification messages to users who subscribe to issue updates. |
Create Issue | Create (report) issues in a project. Users with this permission can view public fields, update public fields, and add links to the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions. Implies Read Project Basic. |
Delete Issue | Delete issues. |
Link Issues | Add links that define relationships between issues. Users with the Create Issue permission inherit the permission to add links to their own issues whether they are granted this permission or not. However, they can only add links to issues that they have permission to read. |
Override Visibility Restrictions | View issues, comments, and attachments that are hidden by visibility settings. Implies Read Issue Private Fields. |
Read Issue | View issues and read public fields. Users with the Create Issue permission inherit the permission to read their own issues whether they are granted this permission or not. Implies Read Project Basic. |
Read Issue Private Fields | View private fields in issues. Implies Read Project Basic. |
Update Issue | Update the values for public fields in issues. Users with the Create Issue permission inherit the permission to update their own issues whether they are granted this permission or not. |
Update Issue Private Fields | Update the values for private fields in issues. Implies Read Issue Private Fields and Update Issue. |
Update Watchers | Add other users to the list of watchers for an issue. |
View Voters | View the list of users who have voted for an issue (available in single issue view). Implies Read Project Basic. |
View Watchers | View the list of users who are watching an issue (available in single issue view). Implies Read Project Basic. |
Issue Attachment
Permission | Description |
|---|---|
Add Attachment | Attach files to issues. |
Delete Attachment | Delete any file that is attached to an issue. All users can delete the files that they attached to issues themselves even when they are not explicitly granted this permission. |
Update Attachment | Modify files attached to issues and restrict attachment visibility. All users can update visibility settings for the files that they attached to issues themselves even when they are not explicitly granted this permission. |
Issue Comment
Permission | Description |
|---|---|
Create Issue Comment | Add comments to issues. Users with this permission inherit the permission to read their own comments, even when they don't have the Read Issue Comment permission. The ability to edit a comment requires the Update Issue Comment permission. |
Delete Issue Comment | Delete comments that have been added to issues. |
Delete Not Own and Permanent Comment Delete | Delete comments that were added to issues by other users and delete comments permanently. Implies Read Comment. |
Read Issue Comment | View comments that have been added to issues. Users with the Create Comment permission inherit the permission to view their own comments whether they are granted this permission or not. |
Update Issue Comment | Edit comments that have been added to issues. |
Update Not Own Issue Comment | Edit comments that were added to issues by other users. Implies Read Comment. |
Issue Work Item
Permission | Description |
|---|---|
Create Not Own Work Item | Create work items and set another user as the work author. Implies Create Work Item. |
Create Work Item | Add work items to issues. Users with this permission inherit the permission to read their own work items, even when they don't have the Read Work Item permission. The ability to edit a work item requires the Update Work Item permission. |
Read Work Item | View the list of work items in an issue. Users with the Create Work Item permission inherit the permission to read their own work items whether they are granted this permission or not. |
Update Not Own Work Item | Edit work items created by other users. Also grants permission to create work items on behalf of other users. Implies Read Work Item and Update Work Item. |
Update Work Item | Edit work items that they have added to issues. |
Organization
The following permissions grant access to organization-related actions. These permissions are all available at the global level.
Permission | Description |
|---|---|
Create Organization | Add new organizations to the system. Implies Read Organization. |
Delete Organization | Permanently remove organization records from the system. Implies Read Organization. |
Read Organization | View organizations and their attributes. |
Update Organization | Edit organization attributes, manage project assignments and access rights. Implies Read Organization. |
Project
The following permissions grant access to project-related actions.
The Create Project permission is granted at the global level.
All other project-related permissions are granted on a per-project basis.
Permission | Description |
|---|---|
Create Project | Create new projects. |
Delete Project | Delete projects. Implies Read Project Full. |
Read Project Basic | View basic project properties. Basic project properties include the name, description, logo, and project owner. When combined with other permissions, the following access rights are granted:
|
Read Project Full | View all project properties. Users who are granted this permission can view the complete set of project settings, including custom fields, VCS and build server integrations, notifications, time tracking, and workflows. When combined with other permissions, the following access rights are granted:
Implies Read Project Basic. |
Update Project | Edit project properties and content, manage resources. Implies Read Project Full. |
Report
Permission | Description |
|---|---|
Create Report | Create reports that present data from issues in a project. Implies Read Report. |
Read Report | View reports that present date from issues in a project. |
Share Report | Update the settings that allow members of specific groups to view and use a report or edit the report settings. Implies Read Report. |
Roles
The following permissions grant access to role-related actions. These permissions are all available at the global level.
Permission | Description |
|---|---|
Manage Role | Modify the permission scheme using any of the following operations:
Implies Read Role |
Read Role | View the list of roles and the set of permissions that are assigned to each role. When combined with other permissions, the following access rights are granted:
|
Users
The following permissions grant access to user-related actions. These permissions are all available at the global level.
Permission | Description |
|---|---|
Create User | Create new user accounts. Invite users to register their own accounts. |
Delete User | Delete user accounts. Implies Read User Full. |
Read User Basic | View the list of registered users and read the ID, username, name, and avatar for each user. With Update Group, users can manage group memberships. Users who don't have permission to read this information only see anonymized versions of other user accounts in the system. To learn more, see Anonymized Users. |
Read User Full | View all properties for all registered users, including authorization details. Implies Read User Basic. |
Update Self | Edit own profile data. |
Update User | Edit user profile data. Ban, merge, and anonymize user accounts. Implies Update Self and Read User Full. |
Watch Folder
Permission | Description |
|---|---|
Create Tag or Saved Search | Create tags and saved searches. |
Delete Tag or Saved Search | Delete the tags and saved searches that they have created. |
Edit Tag or Saved Search | Edit the tags and saved searches that they have created. Allows users to edit tags and saved searches if the user is a member of the group that is allowed to edit the tag or saved search. |
Share Tag, Saved Search, Agile Board, or Gantt Chart | Update settings that give other users the ability to view, use, or edit tags, saved searches, agile boards, and Gantt charts. |