Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Grant access to selected team-managed project

Jakob B_
Jakob B_ May 31, 2021

Hey all, 

I'm new to administrating jira and I'm trying to find a way of granting access to selected projects for external partners.

Initial situation:

  • Jira Cloud Standard Plan
  • Mix of different projects, some company-managed, some team-managed

Desired scenario:

  • External users A,B,C have access to one team-managed project
  • These Users don't have access to any other projects.

Can you please give me some guidance, as I could't find the solution by trying out, nor in the documentation (not for cloud, at least).

Thanks in advance and best regards, 

Jakob

 

Answer
Watch
Like Be the first to like this
1038 views

2 answers

1 accepted

0 votes
Answer accepted
Callum Carlile _Automation Consultants_
Callum Carlile _Automation Consultants_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 1, 2021

Hi @Jakob B_ 

For the team-managed projects, the Access permissions are set on a per-project basis, so you can add the users in Project Settings > Access, and choose their level of permissions. You can see more on team-managed project permission levels here.

For the company-managed projects, the permissions are set in the permission scheme used by the project. Here is what I would do for the company-managed projects:

  1. Yourself or any Site Admin could create a new group in the User Management settings, which could be called external-users or external_company_name-users or something that's easily distinguishable. The external users can be added to this group
  2. Create a new permission scheme in Jira, or clone the default permission scheme. Associate the permissions you want with this new group (they will need the Browse issues permission as a minimum)
  3. In all of the projects which you don't want the external users to access, you will need to make sure that 'any logged in user' isn't associated with the Browse Issues permission in the permission scheme. This may mean that internal users will be blocked from viewing the projects, so you might want to replace all of the 'any logged in users' role against the Browse Issues permission with some internal groups, so that existing users will be able to access them still
  4. This group should then be granted access to the product you are using, e.g. Jira Access. This can be done in User Management > Product Access
View More Comments
Jakob B_
Jakob B_ June 2, 2021

Hi @Callum Carlile _Automation Consultants_ 

 

thank you for your response. As I feared it seems like there is no solution for my issue without adapting all existing projects and the security concept in general. Let me please just sum that up and, if you could be so kind, double-check if I've missed an important security aspect.

  1. I have to change the permission scheme and the existing project permissions in a way that 'any logged in user' isn't associated with the Browse Issues permission. That would be the default.
  2. I have to change the permission scheme and the existing project permissions in a way that, e.g. the group jira-software-users (which contains all internal users) grants access to the projects. That would be default, too.
  3. All external users will be members of a group with jira product access. External users may never be members of the jira-software-users group.
  4. I manually add a group for external users to the permission of the project I want to share. (Team-managed project)

 

Provided everything is correct as I have described: How would I protect my colleagues from  accidentally sharing team managed projects with external people, apart from standard procedures and trainings? I know, administrating defaults would conflict with the team-managed attempt. On the other hand, I cannot expect users of team-managed projects to understand the importance of the permissions structure.

Like
Callum Carlile _Automation Consultants_
Callum Carlile _Automation Consultants_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 3, 2021

@Jakob B_ Yeah that all looks correct to me - when you say 'that would be the default', do you mean you would make this change on the default Jira permission scheme? If you do, then great - I would recommend this so that whenever a new project is created, external users wouldn't be able to access it.

I don't think there is a way to block certain users from being added to team-managed projects. You would hope that this wouldn't be done accidentally, as a project admin would need to manually type in the user's name or email address and assign them a role/permission level, so hopefully they would know if the user is internal or external

Like Jakob B_ likes this
Jakob B_
Jakob B_ June 7, 2021

Hi @Callum Carlile _Automation Consultants_ 

thank you for being so helpful and sorry for my late response. Yes, the plan is to make the mentioned changes on the default Jira permission scheme. Just one more question, as I have not yet started with the implementation: would the change of default permissions scheme also have an effect on team-managed projects? Because if not, it wouldn't be very helpful for my organisation.

Like
Callum Carlile _Automation Consultants_
Callum Carlile _Automation Consultants_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 7, 2021

@Jakob B_ No worries! And yes that's correct - all of the 'schemes' in Jira only apply to company-managed projects, team-managed projects have their individual permissions which are managed on a per-project basis

Like Jakob B_ likes this
Reply
0 votes
Jakob B_
Jakob B_ June 7, 2021

Thank you, @Callum Carlile _Automation Consultants_ 

 

I'm just thinking about the consequences for my organization. 

Suppose I would implement everything as said before: I have external users with product access and I have adapted all project permissions so that they can only see the one project they are contributing to. 

Now, any of my colleagues will start a new team-managed project. He or she might not know about the need to restrict permissions in order to exclude all external users from their project. I see a real danger of accidentally sharing sensitive information.

 

  • Question at all: Are other people/organizations facing the same problem and if so, can anyone provide a best practice to to deal with that?
  • Question at Team Atlassian: Do you also see a problem here and if so, are you working on a solution?
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events