Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Grant access to selected team-managed project

Hey all, 

I'm new to administrating jira and I'm trying to find a way of granting access to selected projects for external partners.

Initial situation:

  • Jira Cloud Standard Plan
  • Mix of different projects, some company-managed, some team-managed

Desired scenario:

  • External users A,B,C have access to one team-managed project
  • These Users don't have access to any other projects.

Can you please give me some guidance, as I could't find the solution by trying out, nor in the documentation (not for cloud, at least).

Thanks in advance and best regards, 

Jakob

 

2 answers

1 accepted

0 votes
Answer accepted

Hi @Jakob B_ 

For the team-managed projects, the Access permissions are set on a per-project basis, so you can add the users in Project Settings > Access, and choose their level of permissions. You can see more on team-managed project permission levels here.

For the company-managed projects, the permissions are set in the permission scheme used by the project. Here is what I would do for the company-managed projects:

  1. Yourself or any Site Admin could create a new group in the User Management settings, which could be called external-users or external_company_name-users or something that's easily distinguishable. The external users can be added to this group
  2. Create a new permission scheme in Jira, or clone the default permission scheme. Associate the permissions you want with this new group (they will need the Browse issues permission as a minimum)
  3. In all of the projects which you don't want the external users to access, you will need to make sure that 'any logged in user' isn't associated with the Browse Issues permission in the permission scheme. This may mean that internal users will be blocked from viewing the projects, so you might want to replace all of the 'any logged in users' role against the Browse Issues permission with some internal groups, so that existing users will be able to access them still
  4. This group should then be granted access to the product you are using, e.g. Jira Access. This can be done in User Management > Product Access

Hi @Callum Carlile _Automation Consultants_ 

 

thank you for your response. As I feared it seems like there is no solution for my issue without adapting all existing projects and the security concept in general. Let me please just sum that up and, if you could be so kind, double-check if I've missed an important security aspect.

  1. I have to change the permission scheme and the existing project permissions in a way that 'any logged in user' isn't associated with the Browse Issues permission. That would be the default.
  2. I have to change the permission scheme and the existing project permissions in a way that, e.g. the group jira-software-users (which contains all internal users) grants access to the projects. That would be default, too.
  3. All external users will be members of a group with jira product access. External users may never be members of the jira-software-users group.
  4. I manually add a group for external users to the permission of the project I want to share. (Team-managed project)

 

Provided everything is correct as I have described: How would I protect my colleagues from  accidentally sharing team managed projects with external people, apart from standard procedures and trainings? I know, administrating defaults would conflict with the team-managed attempt. On the other hand, I cannot expect users of team-managed projects to understand the importance of the permissions structure.

@Jakob B_ Yeah that all looks correct to me - when you say 'that would be the default', do you mean you would make this change on the default Jira permission scheme? If you do, then great - I would recommend this so that whenever a new project is created, external users wouldn't be able to access it.

I don't think there is a way to block certain users from being added to team-managed projects. You would hope that this wouldn't be done accidentally, as a project admin would need to manually type in the user's name or email address and assign them a role/permission level, so hopefully they would know if the user is internal or external

Like Jakob B_ likes this

Hi @Callum Carlile _Automation Consultants_ 

thank you for being so helpful and sorry for my late response. Yes, the plan is to make the mentioned changes on the default Jira permission scheme. Just one more question, as I have not yet started with the implementation: would the change of default permissions scheme also have an effect on team-managed projects? Because if not, it wouldn't be very helpful for my organisation.

@Jakob B_ No worries! And yes that's correct - all of the 'schemes' in Jira only apply to company-managed projects, team-managed projects have their individual permissions which are managed on a per-project basis

Like Jakob B_ likes this

Thank you, @Callum Carlile _Automation Consultants_ 

 

I'm just thinking about the consequences for my organization. 

Suppose I would implement everything as said before: I have external users with product access and I have adapted all project permissions so that they can only see the one project they are contributing to. 

Now, any of my colleagues will start a new team-managed project. He or she might not know about the need to restrict permissions in order to exclude all external users from their project. I see a real danger of accidentally sharing sensitive information.

 

  • Question at all: Are other people/organizations facing the same problem and if so, can anyone provide a best practice to to deal with that?
  • Question at Team Atlassian: Do you also see a problem here and if so, are you working on a solution?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Marketplace Apps & Integrations

☕️ Monday coffee with Jexo: Weekly Atlassian news roundup | 21st June 2021

Hi community 👋, as every Monday we're bringing you a quick update on what happened in the Atlassian ecosystem last week. There were a few interesting events like for example the announcement of th...

56 views 0 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you