I'm excited that there's a Jira Cloud admin group now. The problem I'm working on is two fold and I'm curious what others have done.
1) Limit external contractors via a GSuite group so they are limited to seeing a particular project. I think I have this solved but I have to update all the NextGen projects to make them private and have shut-off the creation of new NextGen projects. Once the NextGen projects are private, I can just add the contractor Gsuite group to the User role for the project I want the to see which seems to work fine. The contractor group will also be set via Access to have Jira product access.
2) Auto-provision users by their GSuite group. Unfortunately, we have a lot of different Gsuite groups and we have set them up to flow into Atlassian Access. There's at least 15 groups for our development organization and they should all have unlimited access to development Jira projects. With Access I can grant these groups Jira product access, but then they still need to be added to projects. For this use case, I'm thinking of just adding all of the groups into a new permission scheme and then switching all of those development projects to use the new permission scheme. Alternatively, I'd have to go into each project and add the groups to a developer role which seems kind of painful. Note: currently we just have the basic jira-users, jira-developer groups and just put people in those groups manually when they need to use Jira. Has anyone else done something similar?
Later I'll have to figure out how to auto-provision the other non-development teams that use Jira but that's a problem for another time. I welcome any thoughts on this. Thanks.
I think the best solution is to create a new permission scheme where you can add a new user group called 'contractors'. This contractors group will have the access permissions you want to add. Then you should add all of the rest user groups into the new permission scheme and switch all the projects to the new scheme.
Thanks - I ended up doing something similar. I have a new group for the contractors and made a permission scheme that leveraged that group to have the correct access to the 1 project they should be able to see. The contractors aren't in the basic "jira-users" group so they can't see any of the other projects. I didn't have to change the permission scheme that most of the projects were already using.
Hey for #1
I have several different projects where other groups cannot see each other's projects. To do so I have made my projects private by creating a role and adding that to the projects permissions schemes. By default, if there is no permissions in the project set up, you let people into the system they will have the ability to browse all projects