How to limit project access for unwanted project users? People and internal access difference.

Hi @Vera Valshonok, when coming from server to cloud, there's an important new thing to get to know. Jira cloud has 2 types of projects: team and company managed. Company managed projects are more or less the same as you know from server: they are configured using schemes and have the capability to share a configuration across multiple projects. In these projects, you will find permissions (with the permission scheme you're used to from server) and people (where you can assign users/groups to the roles from your permission scheme). Team managed projects do not exist on server and they are an attempt to make setting up a project easier so "any user can do this". They have some cool new features here and there, but don't share settings with other projects and have simplified versions of configuration in most cases. When you see a project or documentation referring to open / limited / private access, this is a team managed project. Whenever you open a project in cloud, you should see what type of project it is near the bottom right corner of your screen.

I strongly recommend to read up on the differences between these type of projects, so you can determine to what extent you are willing to allow people to set up either type within your cloud site. This support article may be a good starting point; but definitely also check the linked articles about e.g. migrating between the two types, as that article lists some of the clear differences through the risk of data loss.

So, after that introduction: if you migrate a project from server to cloud, it will always be company managed. If you read about configuring things, always verify if the documentation is about the correct project type. Otherwise you may indeed read things you don't see in your project setup.

Finally, setting up access in Jira Service Management has multiple layers. There are global settings as well as separate settings for each JSM project and these impact each other.

This support article explains how you can manage the global access settings for JSM customers. These can be internal customers (people who work for your company) or external ones (folks from other organisations you work for or even individuals who find your portal on the internet).

Who can access your JSM projects is configured inside your projects. But the global access settings may have an impact on the behaviour you see in your project. This support article explains how the global settings may impact project access.

Hope this helps!

@Vera Valshonok -

To supplement what @Walter Buggenhout stated, you can setup and control which projects are exposed in the portal UI based on your users (customers) by changing the configuration for each project's Customer Permissions UI (Project settings >> Customer Permissions's Channel Access setup "Restricted" or "Open" (see following reference link - https://support.atlassian.com/jira-service-management-cloud/docs/change-project-customer-permissions/ for details)

If it is "Restricted", project admins and agents will control who are invited to the project.  If customers are not called in the project as "ServiceDesk Customers" role, then he/she will not see the project(s) in the portal UI, thus cannot interact with those projects at all.

Here are a few other important reference links that you need to fully understand on permission controls for the Cloud env -

• https://confluence.atlassian.com/jirakb/how-to-restrict-customers-access-to-specific-projects-only-in-jira-service-management-917965224.html
• https://confluence.atlassian.com/cloudkb/how-to-restrict-project-access-for-teams-in-jira-cloud-953142266.html
• https://support.atlassian.com/jira-service-management-cloud/docs/change-project-customer-permissions/
• https://support.atlassian.com/jira-cloud-administration/docs/manage-project-permissions/

Hope this also helps.

Best, Joseph Chung Yin

Jira/JSM Functional Lead, Global Technology Applications Team

Viasat Inc.