So, with only the Administer Issues permission, developers can change the Severity level as well as the Issue status. This allows a group of users to bypass a security policy (Quality Profile and Quality Gate) by making a Blocker into a Major severity. This is not a good feature if we want to shift left the adjudication. The issue admin could still set to “Resolve as won’t fix” and describe why, but we wouldn’t want the to modify the governance board settings.
So recommend/request that we add “Administer Severity” to the project roles permissions.