Issue Summary

In Jira Data Center with multiple user directories (e.g. internal + LDAP/AD), Jira evaluates nested group permissions using non-aggregating membership semantics. This is an intentional design, but the UI does not clearly communicate that cross-directory nested group permissions will not work as many admins expect.

This bug requests clearer in-product messaging or warnings around this limitation.

Steps to Reproduce

1. Configure multiple user directories (e.g. Internal + LDAP/AD) with nested groups enabled.
2. Create:
3. ParentGroup
4. * ChildGroupA
5. * ChildGroupB
6. Add ParentGroup to a Project role and use that role in the permission scheme (e.g. "Assignable User", "Assign Issues").
7. Add users from different directories to ChildGroupA / ChildGroupB.
8. Try to assign issues to those users or rely on the parent group for permissions.

Expected Results

If Jira will not aggregate nested memberships across directories, the UI should make this clear, for example:

• A warning or help text in User Directories / group configuration.
• A hint on the Project role / Permission screens that in multi-directory setups, nested permissions are evaluated per directory and may not behave as expected across directories.

Actual Results

• Jira silently accepts configurations that rely on cross-directory nested groups.
• No inline warning explains that users in child groups from other directories may not inherit permissions from the parent group.
• Admins typically discover this only when permission problems appear in production.

Workaround

• Assign the child groups directly to project roles / permissions instead of relying on a parent "wrapper" group.
• Avoid cross-directory nesting and keep relevant users and groups in a single directory.