Our company is in the process of installing JIRA which will be used for multiple projects. From a security point of view, how can we ensure that particular users have access to projects they are working on? I have tried to look for this over the internet, but haven't found a strong lead.
In a perfect solution, the users would only see projects they work on.
Have a look through https://confluence.atlassian.com/display/JIRA/Managing+Project+Permissionsfor most of what you need.
There is one problem you'll need to address though. By default, Jira puts all users into a group called "jira users" which is used to say "can log into jira". That's fine as it stands, but the defaults then ALSO automatically add this group into the role of "users" in *Every* new project.
You'll need to fix that first. Remove jira-users from the "default groups in a role" in role maintenance, then check that you have not used it in any permission schemes. Then go through all your projeects, removing it from all the roles you find it in - bear in mind you'll need to replace it with another way to let the existing users back into the project - adding them individually or by other groups.
The alternative is to remove jira-users as meaning "can log in" as well as the default group assignment, then create a new group to say "can log in".
Once you've decoupled "jira users" that automatically makes everyone a user in every project, then you'll be able to create users who have no access until your project admins explicitly add them to the projects.
...PermissionsStartOnly=true User=www-data Group=www-data ExecStart=/opt/jira/bin/startup.sh ExecStop=/opt/jira/bin/shutdown.sh TimeoutStartSec=120 TimeoutStopSec=600 PrivateTmp=true [Install] WantedBy...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG