How to restrict newly added users to specific Jira and Confluence access?

We have the Cloud version of JIRA and Confluence with the default settings.

I just added a new user and they are able to see all Projects, issues, and all Confluence spaces by default.

New users get the default settings jira-users and confluence-users.

How do we tighten things up to restrict new users from seeing things unless explicitly added to the project or group? 

Is there another restrictive permissions theme I can choose from?

4 answers

0 votes
Sam Hall Community Champion Jan 19, 2017

Hi Barbara,

It depends exactly what you want to restrict, but this should get you started:

The jira-users and confluence-users groups represent all users of JIRA/Confluence.

If you want to restrict particular JIRA projects and Confluence spaces so that they can't be seen by all users, you need to set up groups to represent those who should see them. For example, you could create a group called, say, privileged-users for users who have access to view special projects/spaces. 

Then you can edit your JIRA project and Confluence space permissions so that only users in  privileged-users get to view the special stuff:

  • For JIRA, you can create a new permission scheme, with the browse projects permission only granted to your privileged-users group and not "Any logged in user". Then apply that scheme to the special projects that you want to limit access to.
  • For Confluence, you can edit space permissions for a particular space so that only the privileged-users group has view permission, and confluence-users does not. Permissions are additive, so a user who is in both groups will be able to view. 
    You can also set up default space permissions in a similar way, to apply to newly created spaces.  

Hope this helps a bit.


Thank you. very helpful. JIRA now restricts access and users have to manually be added per project.

How do I do the same in Confluence? New users should be able to login and use (create pages) but manually added to a space in order to view (given a link or request access)?

You can define an own permission scheme as shown here .

There you have the possibility to set permissions for either a specific user group.

If you want to keep it more specific you can also define a new project role and add the needed users to this role (as descirbed in the links)

In the permission scheme you only have to edit two permissions to hide them from unauthorized users:

  • browse project - to make project visible only for the group/project role
  • edit issues - to allow edit issues


Once you've created that permission scheme you have to set this scheme for the projects you want.

(Another possibility would be changing the default permission scheme, but I would not recommand that)

Oh yeah, you are right laugh I was in a hurry and overlooked that... thanks, I just edited the link smile

Thhanks, JIRA works now. Having probs with Confluence though. I want new users to be able to create their own space/page but require them to request access to specific projects (or be given a link)

Hi Barbara,

For Confluence, users are added by default to the confluence-users group.  When you create a space, the confluence-users group is given view access to that space by default.

Users must have access to a space in order to view/create pages.  Confluence provides access to all spaces and pages "out-of-the-box", and you have to restrict access, rather than granting access.

However, you can set up your own user groups and give those groups permissions only to certain space.  You can also go down to the page level and set restrictions on who can view/edit certain pages, so whilst you might give a group permission to view a space, you could also set restrictions on each individual page so that only certain users can view or edit a specific page within that space.


You might find this page and the links in it very useful if you're tying to get your head around users, groups and permissions.

A bit late to the party, but using permission scheme I am trying to allow only one group of external users to have the ability to select/edit watchers inside that group.

In a custom scheme i added Manage Watchers and View Voters and Watchers to that group, but those users still can't enter new watchers, not from their group nor complete jira-login group.

What am I missing? Shouldn't this permission scheme override other global settings?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Statuspage

How do your teams prepare for really high (planned) traffic days like Cyber Monday?

Hi there! Shannon from Statuspage here.  👋  With Cyber Monday quickly approaching, we're looking to hear from Atlassian customers – specifically from teams who touch incident response li...

57 views 0 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you