How to restrict newly added users to specific Jira and Confluence access?

We have the Cloud version of JIRA and Confluence with the default settings.

I just added a new user and they are able to see all Projects, issues, and all Confluence spaces by default.

New users get the default settings jira-users and confluence-users.

How do we tighten things up to restrict new users from seeing things unless explicitly added to the project or group? 

Is there another restrictive permissions theme I can choose from?

4 answers

This widget could not be displayed.
Sam Hall Community Champion Jan 19, 2017

Hi Barbara,

It depends exactly what you want to restrict, but this should get you started:

The jira-users and confluence-users groups represent all users of JIRA/Confluence.

If you want to restrict particular JIRA projects and Confluence spaces so that they can't be seen by all users, you need to set up groups to represent those who should see them. For example, you could create a group called, say, privileged-users for users who have access to view special projects/spaces. 

Then you can edit your JIRA project and Confluence space permissions so that only users in  privileged-users get to view the special stuff:

  • For JIRA, you can create a new permission scheme, with the browse projects permission only granted to your privileged-users group and not "Any logged in user". Then apply that scheme to the special projects that you want to limit access to.
  • For Confluence, you can edit space permissions for a particular space so that only the privileged-users group has view permission, and confluence-users does not. Permissions are additive, so a user who is in both groups will be able to view. 
    You can also set up default space permissions in a similar way, to apply to newly created spaces.  

Hope this helps a bit.

Sam

Thank you. very helpful. JIRA now restricts access and users have to manually be added per project.

How do I do the same in Confluence? New users should be able to login and use (create pages) but manually added to a space in order to view (given a link or request access)?

This widget could not be displayed.

You can define an own permission scheme as shown here .

There you have the possibility to set permissions for either a specific user group.

If you want to keep it more specific you can also define a new project role and add the needed users to this role (as descirbed in the links)

In the permission scheme you only have to edit two permissions to hide them from unauthorized users:

  • browse project - to make project visible only for the group/project role
  • edit issues - to allow edit issues

 

Once you've created that permission scheme you have to set this scheme for the projects you want.

(Another possibility would be changing the default permission scheme, but I would not recommand that)

Oh yeah, you are right laugh I was in a hurry and overlooked that... thanks, I just edited the link smile

Thhanks, JIRA works now. Having probs with Confluence though. I want new users to be able to create their own space/page but require them to request access to specific projects (or be given a link)

This widget could not be displayed.

Hi Barbara,

For Confluence, users are added by default to the confluence-users group.  When you create a space, the confluence-users group is given view access to that space by default.

Users must have access to a space in order to view/create pages.  Confluence provides access to all spaces and pages "out-of-the-box", and you have to restrict access, rather than granting access.

However, you can set up your own user groups and give those groups permissions only to certain space.  You can also go down to the page level and set restrictions on who can view/edit certain pages, so whilst you might give a group permission to view a space, you could also set restrictions on each individual page so that only certain users can view or edit a specific page within that space.

 

You might find this page and the links in it very useful if you're tying to get your head around users, groups and permissions.

This widget could not be displayed.

A bit late to the party, but using permission scheme I am trying to allow only one group of external users to have the ability to select/edit watchers inside that group.

In a custom scheme i added Manage Watchers and View Voters and Watchers to that group, but those users still can't enter new watchers, not from their group nor complete jira-login group.

What am I missing? Shouldn't this permission scheme override other global settings?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

120 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you