You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We have an auditor that needs to view and monitor one specific project. The project type is company-managed. Permission schemes appear to control access across all company-managed projects but doesn't appear to provide any scoping mechanism.
Hello @Randall Okon
For Company Managed projects Permission Schemes are used to manage the permissions within a project.
A single Permission Scheme can be used by multiple projects.
Within the Permission Scheme the primary permission for being able to view the content of the project is the Browse Projects permission.
Permissions schemes can be configured to grant the permissions to User Groups, to Project Roles, to individual users, and other options.
When you grant a permission based on a User Group, all members of that user group get that permission in that project. If the Permission Scheme is used for multiple projects then that group of users has that permission in all those projects.
When you grant a permission to a Project Role, then the users assigned that Project Role in the individual project get that permission for that project. The Permission scheme may be used by multiple projects, but the permission within each project will be granted only to the users in the Project Role in that one project.
In that way you can have a shared permission scheme and still manage permissions at the project level by managing which users are assigned to Roles in each project.
So, you may need to adjust the Permission Schemes to meet your needs.
You must grant your auditor Product Access for them to be able to access the Jira data, so you would need to make sure none of the permission schemes use Any Logged In User in the Browse project permission. The auditor will be able to see any project where the Permission scheme is configured in that manner.
If the Browse Project permission has been granted to user groups, then you would need to make sure the Auditor was in a user group that has the permission for only the one project you want the auditor to see. If you are using a shared Permission Scheme, that might not be possible. You may need to create a copy of the Permission Scheme so you can customize it for your one project.
If the Browse Permission is only granted based on Project Roles, across all Permission Schemes, then you need only add the auditor to the appropriate Role in the one project they need to see. You would need to ensure that being a member of that Role in that Project did not give the auditor access to other permissions in that project which they should not have.
I hope that helps provide some clarity. Please don't hesitate to ask more questions if you need more information.