How do I set up external users to only see one project?

Lloyd Bullard April 1, 2024

Hi, 

Google is only giving me legacy answers, or newer answers that are a bit too vague to solve the issue for me. 

I have a company managed Kanban project. I need three external users to be able to access ONLY this project. messing around for the last three hours with a test email account using the permissions schemes and project roles screens in JIRA is not getting me anywhere, either my test email can see everything or it can see nothing. 

help appreciated, I have not found any Atlassian articles that tackle this specific issue and I recall this being pretty straightforward in previous versions of JIRA. 

Kind regards, 

Lloyd

2 answers

0 votes
Becky Brooks - Visor for Jira
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 3, 2024

Hi Lloyd,

Visor allows you to import Jira project(s), add filter/color coding, and then share with whomever you'd like. The data stays in sync with Jira and allows you to control who sees what. Great for providing external stakeholders visibility into your Jira project data. 

https://marketplace.atlassian.com/apps/1226209/visor-flexible-spreadsheet-for-jira-roadmapping-bulk-edits?hosting=cloud&tab=overview

I'm happy to help you get started if you end up going this route. Visor's also free to get started with.

Best wishes,

Becky 

0 votes
Stephen Wright _Elabor8_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 1, 2024

Hi @Lloyd Bullard 

Can I confirm...

  • Are the Projects within your instance Team-managed or Company-managed Projects?
  • Are the Projects visible to all internal users at present?

This confirms if there's actions to take on just the one Project, or multiple.

Ste

Lloyd Bullard April 2, 2024

Hi Steven, 

we have a mix of team managed and company managed in our instance, but most currently used projects are company managed. 

there are a small number of very old projects that have been set up to be restricted to a small list of internal users, however they are no longer used and I do not believe the admin who set them up works here any longer. 

I have Full Admin priviledges with access to everything except billing (which is Org Admin)

Thanks, 

 

Lloyd

Stephen Wright _Elabor8_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 2, 2024

Hi @Lloyd Bullard 

You'll need to check/modify permissions of existing Projects, before granting the external users access.

---

Team-managed Projects

You'll want to ensure these are not publicly visible based on a user being logged in.

For each Project...

  1. Go to Project Settings > Access
  2. Check the project access level - and if it's not "Private", change it to this
  3. Ensure all internal users who need access still have it - you could grant all internal users the "Viewer" role for example, using a Group
  4. You also need to ensure no all-user Group has a role within each Project - otherwise making it Private would be redundant
  5. Repeat for all active Team-managed Projects

You'll need to change manage this if you have Open or Limited Projects - to avoid internal users losing access unexpectedly.

---

Company-managed Projects

You'll need to ensure no Permission Scheme is granting access to all users, or any logged in user.

To do this...

  1. Go to Settings (cog icon in top-right) > Issues
  2. Select Permission schemes from the left-hand menu
  3. Open any active Permission Scheme - i.e a scheme with at least one Project listed against it
  4. Ensure Browse Projects and View aggregated data are not granted to any logged in user, based on application access (i.e to Jira Software), or are assigned to any all-user Groups. If they are, remove this.
  5. Either guide internal users to provide access via Project Roles, or add in internal Groups instead, to allow internal users back into these Projects
  6. Repeat for all active schemes

You still then need to check inside each Project also...

  1. Go to Project Settings > People
  2. Ensure no Project Role is granted to an all-user Group - if it is, remove it and/or replace it with an all-internal-user Group

Similar to Team-managed, you'll need to manage this carefully - especially if internal users have been accessing these Projects without Roles/Groups up to this point.

---

External Users

Finally, you're going to setup access for the External Users.

I would recommend...

  • A user Group, which houses these users
  • A unique, separate Permission Scheme - so these customisations only impact your one Project

You want to grant the External Users at least the "Browse Projects" permission - this gives them access to view the Project's issues. Grant it to their Group. You can also grant them other permissions as needed.

Once you then assign the new Permission Scheme to your Project, the external users should have access!

---

Note

These users will have product access, so even with all these steps, a user could grant them access to another Project via Project Roles.

For Company-managed at least, you could limit this. You could make all Permission Schemes use Groups for Project access, and just use Roles for other permissions. That way, you could centrally manage access as only Admins would have access to modify Group membership.

---

Let us know if you need any additional instructions!

Ste

Lloyd Bullard April 2, 2024

Hi Steven, 

 

Thanks for your in depth answer. investigating the existing projects, nearly all of them would need to be altered to get your above solution to work. As per our current policy, changing all of the projects across the business in the way you describe above will require consultation as different business units are using JIRA in a variety of ways with some odd customizations. outside of that consultation process changing every single project and ensuring the correct users still have access will be arduous. 

 

is there any simpler way for me to ringfence just one project for external users that does not involve altering permissions for all projects? 

 

Kind regards, 

 

Lloyd

Stephen Wright _Elabor8_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 2, 2024

Hi @Lloyd Bullard 

Not natively, as far as I know. Without a consistent security model across the platform, it'd be difficult to guarantee any ring fencing is working correctly.

Alternatively, you could...

Ste

 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events