Dear
We've added a client of us as a guest user to Jira.
We want to give him access to one specific project, but it seems that he can see other project ánd there tickets too, which is not the purpose.
Could you give me an advise on what I have to change?
Thank you.
Vanessa
This is a classic issue; As Atlassian promotes openness by default, permissions to projects follow that logic. And so, in the permission schemes of projects you create from built-in templates, you will see the browse project permission being granted to any logged-in user or something like that.
That needs to change. The moment you come to the point where you want to add a first user you want to restrict, it becomes clear that permissions have not been set up with that in mind.
So, this is the time where you should review all permission schemes used for all projects you currently have and remove that any logged in user from the browse project permission and - instead - associate project roles (preferred) or user groups with the permission instead. This may be tricky, as removing the option may lead to people losing their project access, which you need to fix by adding them to the newly assigned roles. This is in fact the scenario for company managed projects.
If you'e also using team-managed projects, all projects that now have open permissions, should be updated to limited or private as well to obtain the same results.
Hope this helps!
You need to modify you permission scheme or create a new one. By default anyone that have access to Jira would have access to all projects. So in your case I would create a new one and base the access on project roles, that way you can add the user to one of the roles in the specific project and the permission scheme would have that role added to the browse project permission. You can learn more about permission schemes here and here.
You could also take this a step further if you want to limit the issues that the user have access to by using issue security.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My Jira project has this nice "Manage Roles" section where I can create a custom role and give it specific permissions, and then I can assign it to a specific user. From a configuration perspective, this appears to be fantastic and SO much easier than what I've tried to do (unsuccessfully) with the permission schemes.
Unfortunately, it doesn't seem to work. Am I doing something wrong or is it really this difficult to add an outside user to a single project?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Vanessa De Boeck ,
First create a new permission Scheme Specifically tailored for the guest users, Should only have limited access. And next go to the permissions edit the permissions scheme associsated with the project and align with the new scheme created for guest user. Within the permission scehem find specific permissions related to brwosing issues, viewing comments, and other actions. Now ensure that these permissions are set to only allow access to desired project for that group with the guest user.
Now, check your instance handling guest user. They might be part of specific group and make sure that group with association with the guest user is configured to have the restricted permission you have defined for the project. After making these changes, test access with the guest user account so that the associated it correct or not. and Dont forget to Cross-Check other Global level or Project level Permissions to ensure there are no conflicting settings that might unneccesarly grant access to other projects.
Thank You
Sumukh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I agreed with what @Walter Buggenhout / @Mikael Sandberg suggested. You need to create a custom permission scheme for your project in question. Afterward, assign the specific user with the appropriate project role for it. The key permission is "Browse Project" where you need to locked down and ensure this specific user is not associated with any project role/group that the project permission scheme called out.
Hope this helps.
Best, Joseph Chung Yin
Jira/JSM Functional Lead, Global Technology Applications Team
Viasat Inc.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.