Access and Permissions

Access and Permissions

1. App Access in Jira Cloud

Once Time Tracker is installed, the app appears in Jira Cloud’s main navigation under Apps > Time Tracker, and is visible regardless of user permissions help.tempo.io .

Authorization Error:
If a user lacks permission to see Time Tracker, selecting it will result in an Authorization error, both from the main navigation and project page help.tempo.io .

2. Granting Access: Key Settings

To grant appropriate access, administrators should configure these settings:

• Auditor Groups – Users in these groups can view workloads from other users.

• Time Entry Issue Panel Groups – Users in these groups can view only their own workloads via the time entry panel help.tempo.io+1 .

• Time Entry Issue Panel Projects – List of projects where the Time Entry Panel is enabled on project pages help.tempo.io+1 .

3. Time Entry Issue Panel Behavior

• In the Issue view, every user sees a Time Entry button under Apps, but if they don’t have the right permissions, nothing happens when they click it help.tempo.io .

• The Time Entry Panel remains hidden until a user explicitly adds it to an issue. Once added, it stays visible for that specific issue for all users help.tempo.io .

• This manual activation is by design—for performance optimization—and cannot be changed globally or at the project level help.tempo.io .

• To ensure that the full Time Tracker panel appears (instead of Time Tracker Lite), users must manually add the Time Entry Panel on active issues help.tempo.io .

• To hide the panel again, use the issue’s action menu (click the three dots) and choose Hide Time Entry help.tempo.io .

4. Access Settings Overview

Time Tracker provides several permission configurations—allowing admins to finely control who can see or log time:

Note: These settings can be combined for complex, role- and group-based access controls—for example:

• A user in Auditors Group + Restricted Group will only see another user’s timesheet if they share group membership help.tempo.io .

5. Example Workflows

• Regular User: Can access the Time Tracker app only if in Time Entry Issue Panel Groups or Auditors Groups. They can add the panel to an issue and then log/view their own time entries.

• Auditor: Member of Auditor Groups or Roles, can view others' workloads and access reports from the main navigation.

• Accountant: Member of Accountants Group, can access cost reports but may not log time entries for themselves.

• Restricted Member: Only sees timesheets of users within the same specified groups.

6. Best Practices

• Assign Auditors Groups/Roles only to users who legitimately need cross-user visibility (e.g., project leads, auditors).

• Use Restricted Groups and Accountants Groups for sensitive data control—especially cost-related information.

• Actively inform users they must add the Time Entry Panel manually to relevant issues to log time efficiently.

• Regularly review and audit these group/role assignments to maintain security and compliance.

7. Restricted Groups

User from non-restricted groups can now see any other user worklogs, unless non-auditor.

Previously, if Restricted Groups were defined, but currently logged in User was not member of any group selected, such user could not see any other user worklogs.

Now, such user is thought as not a restricted user, and thus can see other users' worklogs, if he or she is Auditor or Timesheet Auditors configuration option is not defined.

And as before, users from the Restricted Groups selected are restricted to see worklogs of the users of their own groups.

Note, it’s the same for Time Reports for Jira Server/Data Center and Timesheet Reports and Gadgets for Jira Server/Data Center too.