Previously all users in our Jira software were working on the same project. Now I am about to set up a second project within the Jira software with a different group of people working on it to the first project. I have been asked to set up the permission settings so that only people working on each project can access the board for their project but I struggling to work out which type of permission settings can do this. Is it Groups, User roles or Permission Schemes? Can any provide guidance to setting up the restricted access?
It's all of those things, potentially.
You can't restrict people in Jira, the permissions are totally permissive. To hide a project from someone, you have to remove their access to it.
Start with the permission scheme for the project and look at the "browse" permissions - those define who can see a project, You may find lines in there saying "group = X", "role = Y" or even "any logged in user" - kill off the rule that is letting your users in (obviously, making sure the project users are still included)
Great, I've now copied the scheme and allocated the new scheme to my project.
In the Browse Projects section, does the 'Application Access -Any logged in user' part make the Project role section useless in this case? Or are the both needed?
My thought is to remove the 'Any logged in user' part and create a Group with the people in that will need access? Is that the best way?
Again, spot on, almost.
If you'd said "remove 'any logged in user' and let the desired users in some other way", it would be 100%.
The "almost" is not because "add a group" is wrong, it's absolutely correct, but there is another option you might consider.
I default to using project roles instead of groups. With a group, your administrators (either application or your directory admins) have to add and remove people from the groups. If you use project roles, there's a bit more power than groups because you can get the project administrators to maintain the users - they can edit the users (and groups) in the various roles in the project. You can also reuse the scheme for other projects that want to use different people.
Imagine you've got three sets of people, A, B and C, and several projects that they might be using.
If you do "Browse = group" in a permission scheme, then for each set of projects, you're going to need a different scheme, such that "Browse = group A", "Browse.= group B" and "Browse = group C", and on top of that, your system admins are going to have to maintain the groups.
If however, you have one scheme with "Browse = role: developer", then you can use the same one for all the projects, and your project admins can put groups A, B and C into the role for themselves, and/or name individuals.
Roles might well not be the right model for you, groups might be fine, but I wanted to show you that you have a bit more flexibility!
Thanks Nic for the detailed explanation, this really useful to know.
I think this is my final question now and then I'm sorted. Do the Roles spread across the projects or by creating 'user' does it create multiple roles with the same name, one for each individual project? E.g. If I set 'Browse = role: user' in the permissions scheme that is used for Project A, B and C, can Group A get added to the role: user for Project A separately to the user role in Projects B and C, or is it the case that if I add Group A to the user role, then they would have access to all three projects?
Project roles exist universally across every project, but then contain only project-local users and groups
If you created a role of "Penguin wranglers" then you would see it in all your projects, but you could set up the projects like:
All the project memberships are independent, belonging to each individual project.
👋 Hi there Jira Community! A few months ago we shared with you plans around renaming epics in your company-managed projects. As part of these changes, we highlighted upcoming changes to epics on...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events