Atlassian Enterprise - How to limit user access to certain sites?

Yassin BEN-NACEUR _FlowZess_ May 31, 2021

Hi everyone, 

I have a question concerning Atlassian Cloud Enterprise.

My customer has Atlassian Enterprise with multiple sites. The users are provisioned using Atlassian Access and Azure Active Directory (they are all in a single directory). The customer has multiple sites.

How can I limit user access to certain sites? User A should only have access to site1. So if I go to site2 and try to mention the user or assign him a ticket, the user should not be visible. The user must not be able to access site2.

Thank you for your answers.

Answer accepted
Nic Brough -Adaptavist-
Community Leader
May 31, 2021

Atlassian does not do general access by restriction; it does it permissively. That is, you say "this person can", rather than "this person can not".

To do this, the applications all have a simple rule - they have a list of user groups that say "a person in this group is a user of this application".  By default, the applications have a single group for this, and it's usually clearly named - confluence-users, jira-software-users etc.

In a multi-instance site such as yours, if you've gone with the defaults, then you'll have set up a situation where all your people are in a set of directories that name them as "jira users".  It's quite likely that Jira-1, Jira-2 and Jira-3 are all using the default "jira users" group, so everyone who needs to use any of your Jira systems is added in that group and hence ends up with access to all of them.

To change this, you'll need to do some restructuring.  By all means, leave the jira users group as it is, but for a Jira system that should not be letting some people be users, change the access model.  Set it up so that it only recognises people of a different group as being its users.  I mean, do something like create and populate groups like jira-1-users, jira-2-users, jira-3-users, and then change Jira-1's "application access" so that it uses jira-1-users to say who can use it, and similarly for the others.
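
The restructuring described in the answer above can be checked with an audit like the one below. It is an added example, not part of the original answer and not Atlassian tooling; the site names, users, policy and the helper functions are constructed for illustration, and the group names follow the answer's naming.

```python
# Constructed sample data; in practice it would come from your own export of
# group membership and each site's product access settings.
# Site -> groups that grant product access on that site.
SITE_ACCESS_GROUPS = {
    "site1": {"jira-1-users"},                         # already restructured
    "site2": {"jira-2-users", "jira-software-users"},  # still trusts the default group
    "site3": {"jira-3-users", "jira-software-users"},  # still trusts the default group
}
# User -> groups synced from the identity provider.
USER_GROUPS = {
    "user.a": {"jira-software-users", "jira-1-users"},
    "user.b": {"jira-2-users"},
}
# Intended policy: user -> sites they are supposed to reach.
INTENDED_SITES = {"user.a": {"site1"}, "user.b": {"site2"}}


def effective_access(user_groups, site_groups):
    """Return {user: {site: granting groups}}. Access is permissive:
    membership of any one access group on a site is enough."""
    return {
        user: {site: groups & allowed
               for site, allowed in site_groups.items() if groups & allowed}
        for user, groups in user_groups.items()
    }


def audit_site_access(user_groups, site_groups, intended):
    """List (user, site, granting groups) where access exceeds the policy."""
    findings = []
    for user, sites in effective_access(user_groups, site_groups).items():
        for site in sorted(sites):
            if site not in intended.get(user, set()):
                findings.append((user, site, sorted(sites[site])))
    return findings


def shared_access_groups(site_groups):
    """Groups that grant access on more than one site (the default-group pattern)."""
    sites_by_group = {}
    for site, groups in site_groups.items():
        for group in groups:
            sites_by_group.setdefault(group, set()).add(site)
    return {g: sorted(s) for g, s in sites_by_group.items() if len(s) > 1}


if __name__ == "__main__":
    for user, site, via in audit_site_access(USER_GROUPS, SITE_ACCESS_GROUPS, INTENDED_SITES):
        print(f"{user} reaches {site} via {via}, outside the intended policy")
    print("groups shared across sites:", shared_access_groups(SITE_ACCESS_GROUPS))
```

The audit covers product access only; whether a user is still searchable on a site they cannot open is a separate question.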

Yassin BEN-NACEUR _FlowZess_ June 2, 2021

Thanks Nic. The problem is with users provisioned with Atlassian Access and Azure Active Directory. I contacted Atlassian support and they confirmed that even with limiting access of certain users to certain sites, these users might be searchable under sites where they don't have access. There is a ticket to fix this: https://jira.atlassian.com/browse/ACCESS-977

Hope it will be fixed very soon to increase the acceptance for enterprise customers.

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin