Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Atlassian Enterprise - How to limit user access to certain sites?

Hi everyone, 

I have a question concerning Atlassian Cloud Enterprise.

My customer has Atlassian Enterprise with multiple sites. The users are provisioned using Atlassian Access and Azure Active Directory (they are all in single directory). The customer has multiple sites. 


How to limit user access to certain sites. User A should have only access to site1. So if I go to site2 and try to mention the user or assign him a ticket, the user should not be visible. The user must not be able to access the site2. 

Thank you for your answers.

1 answer

1 accepted

1 vote
Answer accepted

Atlassian does not do general access by restriction, it does it permissively.  That is you say "this person can", rather than "this person can not".

To do this, the applications all have a simple rule - they have a list of user groups that say "a person in this group is a user of this application".  By default, the applications have a single group for this, and it's usually clearly named - confluence-users, jira-software-users etc.

In a multi-instance site such as yours, if you've gone with the defaults, then you'll have set up a situation where all your people are in a set of directories that name them as "jira users".  It's quite likely that Jira-1, Jira-2 and Jira-3 are all using the default "jira users" group, so everyone who needs to use any of your Jira systems is added in that group and hence ends up with access to all of them.

To change this, you'll need to do some restructuring.  By all means, leave the jira users group as it is, but for a Jira system that should not be letting some people be users, change the access model.  Set it up so that it only recognises people of a different group as being its users.  I mean, do something like create and populate groups like jira-1-users, jira-2-users, jira-3-users, and then change Jira-1's "application access" so that it uses jira-1-users to say who can use it, and similarly for the others.

Thanks Nic. The problem is with users provisioned with Atlassian Access and Azure active directory. I contacted Atlassian support and they confirmed that even with limiting access of certain users to certain sites, these users might be searchable under sites where they don't have access to. There is a ticket to fix this:

Hope it will be fixed very soon to increase the acceptance for enterprise customers 

Suggest an answer

Log in or Sign up to answer
Site Admin
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

275 views 8 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you