Community moderators have prevented the ability to post new answers.
First, stop thinking about "limit". JIRA does things permissively - a user can see or do something because their account matches a rule that says "allow this". There are some options to say "deny this" later, but they have limited use cases.
Secondly, the answer is "roles". Look at the permission schemes for projects - these say "user matching rule X, can do Y in this project". For example, it will say things like "Role developers can read, edit and transition issues" and "Role user can create, close and comment on issues". You could use groups in the permission schemes, but that rapidly becomes a management nightmare because you have to write a new permission scheme for every single variation (which can be one per project)
Once you've established what roles are needed (or not), you can add (or remove) individual users, or groups to allow (or remove access to) the functions defined in the permission scheme.
Hi Nic,
Thanks. The reason I need this is I am required to connect to an LDAP and also import and existing JIRA DB. So I have to make sure the LDAP users and groups have appropriate access. LDAP connection ensures the users are added to the correct groups. The next issue is to make sure the groups have correct access to the existing projects.
Eshan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, JIRA doesn't actually care where the groups and users come from, apart from when you're configuring the user "directories".  Off the shelf, there's an internal directory for them, but you can add others, and when you have, you'll mostly see the provided users and groups in single lists (e.g, you will see Alice, Bob, Chuck, Dave and Elise as users, without really caring that Alice, Chuck and Elise are from LDAP and Bob and Dave are internal).
So, as long as your permission schemes are right, and your roles contain the right users and groups, you should be fine!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I still don't understand how this works. I have created a role, and everyone can still see everything. HELP! I'm so frustrated!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You need to remove the "everyone can see everything" rule from your permission schemes, and then you can add your single user back in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.