It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to restrict newly added users to specific Jira and Confluence access?

We have the Cloud version of JIRA and Confluence with the default settings.

I just added a new user and they are able to see all Projects, issues, and all Confluence spaces by default.

New users get the default settings jira-users and confluence-users.

How do we tighten things up to restrict new users from seeing things unless explicitly added to the project or group? 

Is there another restrictive permissions theme I can choose from?

4 answers

Hi Barbara,

It depends exactly what you want to restrict, but this should get you started:

The jira-users and confluence-users groups represent all users of JIRA/Confluence.

If you want to restrict particular JIRA projects and Confluence spaces so that they can't be seen by all users, you need to set up groups to represent those who should see them. For example, you could create a group called, say, privileged-users for users who have access to view special projects/spaces. 

Then you can edit your JIRA project and Confluence space permissions so that only users in  privileged-users get to view the special stuff:

  • For JIRA, you can create a new permission scheme, with the browse projects permission only granted to your privileged-users group and not "Any logged in user". Then apply that scheme to the special projects that you want to limit access to.
  • For Confluence, you can edit space permissions for a particular space so that only the privileged-users group has view permission, and confluence-users does not. Permissions are additive, so a user who is in both groups will be able to view. 
    You can also set up default space permissions in a similar way, to apply to newly created spaces.  

Hope this helps a bit.


Thank you. very helpful. JIRA now restricts access and users have to manually be added per project.

How do I do the same in Confluence? New users should be able to login and use (create pages) but manually added to a space in order to view (given a link or request access)?

You can define an own permission scheme as shown here .

There you have the possibility to set permissions for either a specific user group.

If you want to keep it more specific you can also define a new project role and add the needed users to this role (as descirbed in the links)

In the permission scheme you only have to edit two permissions to hide them from unauthorized users:

  • browse project - to make project visible only for the group/project role
  • edit issues - to allow edit issues


Once you've created that permission scheme you have to set this scheme for the projects you want.

(Another possibility would be changing the default permission scheme, but I would not recommand that)

Oh yeah, you are right laugh I was in a hurry and overlooked that... thanks, I just edited the link smile

Thhanks, JIRA works now. Having probs with Confluence though. I want new users to be able to create their own space/page but require them to request access to specific projects (or be given a link)

Hi Barbara,

For Confluence, users are added by default to the confluence-users group.  When you create a space, the confluence-users group is given view access to that space by default.

Users must have access to a space in order to view/create pages.  Confluence provides access to all spaces and pages "out-of-the-box", and you have to restrict access, rather than granting access.

However, you can set up your own user groups and give those groups permissions only to certain space.  You can also go down to the page level and set restrictions on who can view/edit certain pages, so whilst you might give a group permission to view a space, you could also set restrictions on each individual page so that only certain users can view or edit a specific page within that space.


You might find this page and the links in it very useful if you're tying to get your head around users, groups and permissions.

A bit late to the party, but using permission scheme I am trying to allow only one group of external users to have the ability to select/edit watchers inside that group.

In a custom scheme i added Manage Watchers and View Voters and Watchers to that group, but those users still can't enter new watchers, not from their group nor complete jira-login group.

What am I missing? Shouldn't this permission scheme override other global settings?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

1,945 views 8 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you