Permissions

The permissions listed on this page grant access to work with the entities that are managed in YouTrack.

A permission is an authorization granted to a user to perform an action. Permissions are granted to a user within a role, not directly.

A role is a set of permissions that defines the level of access for a user to particular functionality and operations.

Permission Scopes

Permissions have different scopes to control where they apply.

Global permissions are granted within YouTrack's global scope and do not depend on a specific project. For example, you can't grant permission to create users in a single project, you can do it only in the system-wide scope. Global permissions are marked with a Global badge in the permission list.
Permissions with project scopes allow actions related to a specific project. For example, a role with the Read Project Basic permission grants access to view project properties and content for a specific project. If these users don't have the Read Project Basic permission for other projects in YouTrack, they don't have access to them.
Organization-scoped permissions are limited to a specific organization.

Inherent Permissions

When you have permission to create something in YouTrack, you inherit the permission to read your own content. Separate permissions are required to update your own comments and work items, but not your own issues. You also require explicit permission to read and update content that was posted by other users.

Issue reporters always have permission to view public fields, update public fields, and add links to the issues that they created. This means that users who are granted the Create Issue permission in a project can perform these actions with the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions.
This also applies to users who have the Add Attachment permission. Users who attach files to an issue inherit the ability to modify these files and restrict their visibility without the Update Attachment permission.
However, users can't delete their own issues without the Delete Issue permission.
Users who have the Create Issue Comment permission inherit the permission to read their own comments, even when they don't have the Read Issue Comment permission. The ability to edit your own comments requires the Update Issue Comment permission.
Users with the Create Work Item permission inherit the permission to read their own work items, even when they don't have the Read Work Item permission. The ability to edit your own work item requires the Update Work Item permission.
For articles in the knowledge base, users with the Create Article Comment permission inherit the permission to read and update their own comments, even when they don't have the Update Article Comment permission. The Create Article Comment implicitly grants the Read Article Comment permission.

Implied and Dependent Permissions

Implicit links connect permissions where actions that are granted by one permission are technically impossible without the other. This approach makes it easier to define custom roles with the appropriate access rights.

When you add a permission with implied permissions to a role, the implied permissions are added to the role automatically.
When you remove a permission with dependent permissions to a role, the dependent permissions are removed from the role automatically.

For example, the Read Project Basic permission (from the Hub service) is automatically added to a role when you add either Read Issue or Create Issue permission from the YouTrack service. It's technically impossible to view or create issues without being able to read basic project properties like the project name and project ID, so the Read Project Basic permission is granted implicitly.

To view the sets of implied and dependent permissions, move your pointer over the icon next to a permission name in the sidebar.

Details sidebar showing the implied and dependent permissions for the Read Issue Private Fields permission.

System

The following permissions are not related to specific entities in the system. These permissions are available at the global scope.

Permission	Description
Low-level Admin Read	Read-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics. Includes permission to: View the list of groups, read group properties, and view subgroups. View roles.
Low-level Admin Write	Manage low-level administrative actions. Includes permission to integrate with third-party services and back up the database. Includes permission to: Create, update, and delete groups. Create, update, and delete roles. Implies Low-level Admin Read.

Permission

Description

Low-level Admin Read

Read-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics. Includes permission to:

View the list of groups, read group properties, and view subgroups.
View roles.

Low-level Admin Write

Manage low-level administrative actions. Includes permission to integrate with third-party services and back up the database. Includes permission to:

Create, update, and delete groups.
Create, update, and delete roles.

Implies Low-level Admin Read.

Article permissions determine what actions users can take within individual knowledge base articles in YouTrack. These permissions apply at the project scope.

Permission	Description
Create Article	Add articles to the knowledge base for a specific project. Implies Read Article.
Delete Article	Delete articles from the knowledge base in a specific project. Implies Read Article.
Read Article	View articles and article content in the knowledge base for a specific project. Note that users are only able to view articles in projects where they have the Read Project Basic permission.
Update Article	Edit existing articles in the knowledge base for a specific project. Implies Read Article.

Article comment permissions define what users can do with comments on knowledge base articles. These permissions cover actions like adding, editing, deleting, or viewing comments and apply at the project scope.

Permission	Description
Create Article Comment	Add comments to existing articles in the knowledge base for a specific project. Implies Read Article Comment. Users with this permission can edit or delete their own comments as well.
Delete Article Comment	Delete comments that have been posted to articles in the knowledge base for a specific project. This includes comments posted by other users. Implies Read Article Comment.
Read Article Comment	View comments that have been posted to articles in the knowledge base for a specific project.
Update Article Comment	Edit comments that have been posted to articles in the knowledge base for a specific project. This includes comments posted by other users. Implies Read Article Comment.

Issue permissions define what actions users can perform on issues within YouTrack. These permissions cover various tasks, such as creating, editing, viewing, or deleting issues and are applied at the project scope.

Permission	Description
Apply Commands Silently	Update issue attributes using a command without sending update notification messages to users who subscribe to issue updates.
Create Issue	Create (report) issues in a project. Users with this permission can view public fields, update public fields, and add links to the issues they reported even when they don't have Read Issue, Update Issue, and Link Issues permissions. Implies Read Project Basic.
Delete Issue	Delete issues.
Link Issues	Add links that define relationships between issues. Users with the Create Issue permission inherit the permission to add links to their own issues whether they are granted this permission or not. However, they can only add links to issues that they have permission to read.
Override Visibility Restrictions	View issues, comments, and attachments that are hidden by visibility settings. Implies Read Issue Private Fields.
Read Issue	View issues and read public fields. Users with the Create Issue permission inherit the permission to read their own issues whether they are granted this permission or not. Implies Read Project Basic.
Read Issue Private Fields	View private fields in issues. Implies Read Project Basic.
Update Issue	Update the values for public fields in issues. Users with the Create Issue permission inherit the permission to update their own issues whether they are granted this permission or not. In helpdesk projects, editing ticket descriptions is restricted for all users. The Update Issue permission doesn't impact the ability to modify ticket descriptions.
Update Issue Private Fields	Update the values for private fields in issues. Implies Read Issue Private Fields and Update Issue.
Update Watchers	Add other users to the list of watchers for an issue.
View Voters	View the list of users who have voted for an issue (available in single issue view). Implies Read Project Basic.
View Watchers	View the list of users who are watching an issue (available in single issue view). Implies Read Project Basic.

Issue attachment permissions control what users can do with attachments on issues in YouTrack. These permissions include actions like adding, viewing, deleting, or updating files attached to issues and are applied at the project scope.

Permission	Description
Add Attachment	Attach files to issues.
Delete Attachment	Delete any file attached to an issue. All users can delete the files that they attached to issues themselves even when they are not explicitly granted this permission.
Update Attachment	Modify files attached to issues and restrict attachment visibility. All users can update visibility settings for the files that they attached to issues themselves even when they are not explicitly granted this permission.

Permission

Description

Add Attachment

Attach files to issues.

Delete Attachment

Delete any file attached to an issue.

All users can delete the files that they attached to issues themselves even when they are not explicitly granted this permission.

Update Attachment

Modify files attached to issues and restrict attachment visibility.

All users can update visibility settings for the files that they attached to issues themselves even when they are not explicitly granted this permission.

Issue comment permissions determine what actions users can take with comments on issues in YouTrack. These permissions include adding, editing, deleting, or viewing comments and are applied at the project scope.

Permission	Description
Create Issue Comment	Add comments to issues. Users with this permission inherit the permission to read their own comments, even when they don't have the Read Issue Comment permission. The ability to edit a comment requires the Update Issue Comment permission.
Delete Issue Comment	Delete comments that have been added to issues.
Delete Not Own and Permanent Comment Delete	Delete comments that were added to issues by other users and delete comments permanently. Implies Read Comment.
Read Issue Comment	View comments that have been added to issues. Users with the Create Comment permission inherit the permission to view their own comments whether they are granted this permission or not.
Update Issue Comment	Edit comments that have been added to issues. In helpdesk projects, editing public ticket comments is restricted for all users. The Update Issue Comment permission doesn't impact the ability to modify public ticket comments.
Update Not Own Issue Comment	Edit comments that were added to issues by other users. Implies Read Comment.

Issue work item permissions control what users can do with work items associated with issues in YouTrack. These permissions include adding, editing, viewing, or deleting work items and are applied at the project scope.

Permission	Description
Create Not Own Work Item	Create work items and set another user as the work author. Implies Create Work Item.
Create Work Item	Add work items to issues. Users with this permission inherit the permission to read their own work items, even when they don't have the Read Work Item permission. The ability to edit a work item requires the Update Work Item permission.
Read Work Item	View the list of work items in an issue. Users with the Create Work Item permission inherit the permission to read their own work items whether they are granted this permission or not.
Update Not Own Work Item	Edit work items created by other users. Also grants permission to create work items on behalf of other users. Implies Read Work Item and Update Work Item.
Update Work Item	Edit work items that they have added to issues.

Organization permissions define what actions users can perform at the organization level in YouTrack. The following permissions grant access to organization-related actions.

The Create Organization permission is available at the global scope.
Other permissions are applied at the organization scope.

Permission	Description
Create Organization	Add new organizations to the system. Implies Read Organization.
Delete Organization	Permanently remove organization records from the system. Implies Read Organization.
Read Organization	View organizations and their attributes. Users who are also granted Read Project Full permission for at least one project assigned to the organization are able to view the list of roles and the set of permissions assigned to each role for the organization.
Update Organization	Edit organization attributes, manage project assignments and access rights. Implies Read Organization.

Project permissions control what actions users can perform within specific projects in YouTrack. The following permissions grant access to project-related actions.

The Create Project permission is granted at the global scope.
All other project-related permissions are applied at the project scope.

Permission	Description
Create Project	Create new projects.
Delete Project	Delete projects. Implies Read Project Full.
Read Project Basic	View basic project properties. Basic project properties include the name, description, logo, and project owner. When combined with Read User Basic, users can view the list of users who are members of the project team.
Read Project Full	View all project properties. Users who are granted this permission can view the complete set of project settings, including custom fields, VCS and build server integrations, notifications, time tracking, and workflows. Also grants access to view roles and permissions granted to the project team as well as the roles and permissions assigned to other users and groups in the project. Implies Read Project Basic.
Update Project	Edit project properties and content. Includes permission to: Create, read, update, and delete groups. Create, read, update, and delete roles. Implies Read Project Full.

User permissions define what actions users can take in managing other user accounts in YouTrack. The following permissions grant access to user-related actions. These permissions are all available at the global scope.

Permission	Description
Create User	Create new user accounts. Invite users to register their own accounts.
Delete User	Delete user accounts. Implies Read User Full.
Read User Basic	View the list of registered users and read the ID, username, name, and avatar for each user. With Update Group, users can manage group memberships. Users who don't have permission to read this information only see anonymized versions of other user accounts in the system. To learn more, see Anonymized Users.
Read User Full	View all properties for all registered users, including authorization details. Implies Read User Basic.
Update Self	Edit own Account Security information in the user profile. This includes editing two-factor authentication, credentials, and authentication tokens in YouTrack. To learn more, see Account Security.
Update User	Edit user profile data. Ban, merge, and anonymize user accounts. Implies Update Self and Read User Full.

26 March 2026

Permissions

Permission Scopes

Inherent Permissions

Implied and Dependent Permissions

System

Article

Article Comment

Issue

Issue Attachment

Issue Comment

Issue Work Item

Organization

Project

Users