How to Check if a User is a Site Admin via API

Hi,
I need to find an API that can return information about whether a user is a site admin on an Atlassian site. Specifically, I’m looking for a way to programmatically determine the user’s role, with a focus on identifying if they have administrative privileges on the site. Is there a dedicated API endpoint or method that provides this information, and what are the best practices for retrieving and handling these role details securely?

Thanks,

Hi @DuyenNguyen

You can check this using the permissions of the user.

See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permissions/#api-rest-api-3-permissions-get for all the known permissions. There are 3 admin-related permissions:

"ADMINISTER": {
  "key": "ADMINISTER",
  "name": "Administer Jira",
  "type": "GLOBAL",
  "description": "Create and administer projects, issue types, fields, workflows, and schemes for all projects. Users with this permission can perform most administration tasks, except: managing users, importing data, and editing system email settings."
},
"ADMINISTER_PROJECTS": {
  "key": "ADMINISTER_PROJECTS",
  "name": "Administer Projects",
  "type": "PROJECT",
  "description": "Ability to administer a project in Jira."
},
"SYSTEM_ADMIN": {
  "key": "SYSTEM_ADMIN",
  "name": "Jira System Administrators",
  "type": "GLOBAL",
  "description": "Ability to perform all administration functions. There must be at least one group with this permission."
},

I suspect either SYSTEM_ADMIN or ADMINISTER will do the trick for you.

See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permissions/#api-rest-api-3-mypermissions-get to check if the user has the permissions you need.
If you use the Atlassian Connect Spring Boot starter then you should take a look at this API, AtlassianHostRestClients.authenticatedAsHostActor() or AtlassianHostRestClients.authenticatedAs(AtlassianHostUser hostUser)

1 Like

@markrekveld Thank you for your suggestion. I will check based on your recommendation.

I tried it for a user with the site admin role and for a user without the site admin role.

The results returned show no difference?

Site: https://{siteName}.atlassian.net/rest/api/3/mypermissions?permissions=SYSTEM_ADMIN,ADMINISTER,ADMINISTER_PROJECTS

User without the site admin role:

{
    "permissions": {
        "ADMINISTER_PROJECTS": {
            "id": "23",
            "key": "ADMINISTER_PROJECTS",
            "name": "Administer Projects",
            "type": "PROJECT",
            "description": "Ability to administer a project in Jira.",
            "havePermission": false
        },
        "ADMINISTER": {
            "id": "0",
            "key": "ADMINISTER",
            "name": "Administer Jira",
            "type": "GLOBAL",
            "description": "Create and administer projects, issue types, fields, workflows, and schemes for all projects. Users with this permission can perform most administration tasks, except: managing users, importing data, and editing system email settings.",
            "havePermission": false
        },
        "SYSTEM_ADMIN": {
            "id": "44",
            "key": "SYSTEM_ADMIN",
            "name": "Jira System Administrators",
            "type": "GLOBAL",
            "description": "Ability to perform all administration functions. There must be at least one group with this permission.",
            "havePermission": false
        }
    }
}

After adding the site admin role:

{
    "permissions": {
        "ADMINISTER_PROJECTS": {
            "id": "23",
            "key": "ADMINISTER_PROJECTS",
            "name": "Administer Projects",
            "type": "PROJECT",
            "description": "Ability to administer a project in Jira.",
            "havePermission": false
        },
        "ADMINISTER": {
            "id": "0",
            "key": "ADMINISTER",
            "name": "Administer Jira",
            "type": "GLOBAL",
            "description": "Create and administer projects, issue types, fields, workflows, and schemes for all projects. Users with this permission can perform most administration tasks, except: managing users, importing data, and editing system email settings.",
            "havePermission": false
        },
        "SYSTEM_ADMIN": {
            "id": "44",
            "key": "SYSTEM_ADMIN",
            "name": "Jira System Administrators",
            "type": "GLOBAL",
            "description": "Ability to perform all administration functions. There must be at least one group with this permission.",
            "havePermission": false
        }
    }
}

I tried differentiating by group name. But there is no connection between site admin and role name?
Refer to: Give users admin permissions

For centralized user management, is there an API that returns information about a user’s site admin role?

You can take a look at the user APIs like this one https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-users/#api-rest-api-3-user-groups-get to get the groups of a user

Or, if you know the group name by convention, you can use an API like this to find all the members of the site-admin group: https://your-instance-name.atlassian.net/rest/api/3/group/member?groupname=site-admins

1 Like

@markrekveld

Thank you very much for your response.

I have tested it, and it works well for checking the site admin role with “Original user management.”

However, in cases where the organization uses “Centralized user management,” users with a group name of site-admin or org-admin will have the Organization admin role.

So, I am still having trouble checking the site admin role with “Centralized user management.”

If you have any other ideas, please let me know!

Reference:

In that case, simply update your code to see if the user is a member of either the site-admins or the org-admins group.

In this case I would use the myself API https://your-instance.atlassian.com/rest/api/3/myself to find the accountId of the current user interacting with my app

Using the returned accountId I would then request all the groups the user is a member of: https://your-instance.atlassian.com/rest/api/3/user/groups?accountId=5b10ac8d82e05b22cc7d4ef5

Then look at the response to see either the site-admins or the org-admins groups.
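
The group check described in the post above, combined with the mypermissions response shape shown earlier in the thread, as an added Python example (not code from the thread or from Atlassian). The response bodies are constructed samples, the function names are hypothetical, and the user/groups body is assumed to be a JSON array of objects with a name field; a negative result only means these two signals found nothing.

```python
import json

ADMIN_PERMISSION_KEYS = ("ADMINISTER", "SYSTEM_ADMIN")  # global keys quoted in the thread
ADMIN_GROUP_NAMES = ("site-admins", "org-admins")       # group names used in the thread

def granted_permissions(mypermissions_body):
    """Admin permission keys whose havePermission is exactly JSON true."""
    try:
        perms = json.loads(mypermissions_body).get("permissions")
    except (ValueError, TypeError, AttributeError):
        return set()  # malformed body: fail closed, grant nothing
    if not isinstance(perms, dict):
        return set()
    return {key for key in ADMIN_PERMISSION_KEYS
            if isinstance(perms.get(key), dict)
            and perms[key].get("havePermission") is True}

def admin_groups(user_groups_body):
    """Admin group names present in a user/groups response body."""
    try:
        groups = json.loads(user_groups_body)
    except (ValueError, TypeError):
        return set()
    if not isinstance(groups, list):
        return set()
    names = {g.get("name") for g in groups
             if isinstance(g, dict) and isinstance(g.get("name"), str)}
    return names & set(ADMIN_GROUP_NAMES)

def admin_evidence(mypermissions_body, user_groups_body):
    """Combine both signals and report which one granted admin."""
    perms = granted_permissions(mypermissions_body)
    groups = admin_groups(user_groups_body)
    return {"is_admin": bool(perms or groups),
            "permissions": sorted(perms), "groups": sorted(groups)}

# Constructed sample bodies (not captured from a real site).
SAMPLE_PERMS = json.dumps({"permissions": {
    "ADMINISTER": {"key": "ADMINISTER", "type": "GLOBAL", "havePermission": False},
    "SYSTEM_ADMIN": {"key": "SYSTEM_ADMIN", "type": "GLOBAL", "havePermission": False},
}})
SAMPLE_GROUPS = json.dumps([{"name": "jira-software-users"}, {"name": "site-admins"}])

if __name__ == "__main__":
    print(admin_evidence(SAMPLE_PERMS, SAMPLE_GROUPS))
```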

For “Centralized user management”, checking the site admin role by groups is not possible.
Site admins are not added to a group, as the permissions for this role are given directly to the user.
=> A user can have the site admin role without being in any group.


User show detail:

The permissions should be listed somewhere for those users as well.
If the permissions APIs are not working, then maybe one of these APIs can help: About cloud admin REST APIs

1 Like

API : https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-groups/#api-rest-api-2-group-bulk-get
This API with the parameter accessType=site-admin will return a list of groups with site admin permissions. And you can also find all the members of the group using this endpoint:
https://your-instance-name.atlassian.net/rest/api/3/group/member?groupname=site-admins.

However, this approach seems insufficient because I am unable to retrieve all users with site admin permissions in organizations.