Summary

At the moment, in Jira Cloud Audit logs, we capture the following events:

• When a group is created in the user management page
• When a group is added to a project role in a Jira space
• When a group is added to the space permission scheme
• When a group is deleted in the user management page

However, when the group is deleted in user management page, the association of that group in project roles and permission schemes is automatically removed and this action is not audited.

In the event of unexpected (user/group provisioning actions) or unintentional deletions (human error), deletion of groups can result in locking our users from multiple spaces. Recreation of groups does not help in restoring access as they are created as new group entities.

Suggestion

Audit logs should capture removal of group(s) from project roles and permission schemes when the group(s) is deleted in the user management page

Workaround

Audit logs in Jira is available upto 180 days. It is recommended to export the audit logs in a scheduled manner to capture below events:

• When a group is created in the user management page
• When a group is added to a project role in a Jira space
• When a group is added to the space permission scheme
• When a group is deleted in the user management page

These logs can be useful when trying to map deleted user/groups to permission schemes or roles in scenarios where restoration is required.