Have a look through https://confluence.atlassian.com/display/JIRA/Managing+Project+Permissionsfor most of what you need.
There is one problem you'll need to address though. By default, Jira puts all users into a group called "jira users" which is used to say "can log into jira". That's fine as it stands, but the defaults then ALSO automatically add this group into the role of "users" in *Every* new project.
You'll need to fix that first. Remove jira-users from the "default groups in a role" in role maintenance, then check that you have not used it in any permission schemes. Then go through all your projeects, removing it from all the roles you find it in - bear in mind you'll need to replace it with another way to let the existing users back into the project - adding them individually or by other groups.
The alternative is to remove jira-users as meaning "can log in" as well as the default group assignment, then create a new group to say "can log in".
Once you've decoupled "jira users" that automatically makes everyone a user in every project, then you'll be able to create users who have no access until your project admins explicitly add them to the projects.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.