How to Configure Company/Vendor Permissions

Earl Griffin May 14, 2021

Our company has just recently started using JIRA and I need to set up access such that employees and vendors have different access. I have read through some of the posts and it seems that Atlassian has made this process as difficult as they can make it.

My situation:

  • We have 5 projects already defined and in use
  • A small but fast growing group of employee users; need access to most projects
  • Several vendors that we need to give limited access to, each only their specific project(s)

What are the recommended and supported steps to accomplish this?

1 answer

0 votes
Trudy Claspill
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 14, 2021

Are you working with Company Managed projects or Team Managed projects? The management of permissions for each is very different.

For a given project, what are the permissions that your vendors need vs. what your employees need?

Earl Griffin May 14, 2021

All of the projects are Company Managed.  The vendors should not be able to see other projects, delete issues they did not create, or notes, etc.  They also cannot close a BUG.  There are a few other things as well.  Employees would have access to pretty much everything, at least for now.  That may change later.

Trudy Claspill
May 14, 2021

The default setup in JIRA Cloud is that all licensed users typically get added to the User Group named something like jira-software-users. See this article on User Groups.

This User Group is typically set up in the Global Permissions to have some permissions across all the projects to which they have access. The group is also typically set up in the default permission scheme to have most "user"-ish permissions for a project like creating and editing issues. Deleting information, whether it is comments or entire issues, is something you'll need to decide on as a best practice for your company. Typically it is not a best practice to allow users to delete issues, as those are then gone forever and not recoverable. See this article on managing project permission schemes.

Given that information, this is how I have managed giving vendors limited permissions and limited their access to specific projects.

Create additional User Groups for the vendors. I would suggest making a group per vendor. Add the individual users for each vendor to the appropriate group, and also remove them from the default jira-software-users group.

Then define a generic Project Role that will be used in the Permission Scheme of the project(s) to allocate the permissions you would want your vendors to have.

Then, in each project, assign the specific vendor User Group to that role.

Example:

You have Vendor A and you want those people to have limited access to Project A.

You have Vendor B and you want those people to have limited access to Project B.

From Vendor A you have users A1 and A2. From Vendor B you have users B1 and B2.

Create a User Group for Vendor A.

Assign users A1 and A2 to user group Vendor A. Also remove these users from the jira-software-users group.

Create a User Group for Vendor B.

Assign users B1 and B2 to user group Vendor B. Also remove these users from the jira-software-users group.

You will need to update the Global Permissions to also grant some minimal global permissions to the vendor user groups, like Browse Users.

Create a Project Role called Vendors.

In the Permission Scheme associated with the projects where you want vendors to have access, modify the scheme to give limited access to the project role named "Vendors". This group would need things like Browse Projects, Create Issue, Create Comment, etc.

Lastly, in Project A, assign the user group Vendor A to the project role Vendors. And in Project B, assign the user group Vendor B to the project role Vendors.

That will give the users from Vendor A limited access to Project A and only Project A, and give the users from Vendor B limited access to Project B and only Project B.

Note also that you will have to grant JIRA Software product access to each user account you set up for a person from a vendor, and that will increase your license count.

Earl Griffin May 17, 2021

Hi Trudy,

I went through these steps:

  1. Created User Group “Vendor A”
  2. Assigned user “TestUser” to user group “Vendor A”
  3. Removed “TestUser” from the jira-software-users group
  4. Updated the Global Permissions to grant global permissions to “Vendor A” (Browse Users and Groups, Share dashboards and filters, etc.)
  5. Created Project Role called Vendors
  6. Copied “Default software scheme” and renamed to “Company Default software scheme”
  7. Modified scheme to give access to most things except “Browse Project”, “Delete Issues”, etc. Used “Grant Permission” to Project Role “Vendors”.
  8. “Browse Project” has permissions: Project Role (Administrators)
  9. Created projects “Test Permission 1” and “Test Permissions 2”
  10. Associated “Test Permission 1” and “Test Permissions 2” with Permission Scheme “Company Default software scheme”
  11. In Product Access I added group “Vendor A”
  12. In Project “Test Permission 1”, assigned the user group “Vendor A” to the project role Vendors
  13. In Project “Test Permission 2” I did not assign “Vendor A”

When I sign in as TestUser, I do not see either project “Test Permission 1” or project “Test Permission 2”. I expected to see only project “Test Permission 1”. What am I missing?

Trudy Claspill
May 17, 2021

Hello Earl,

The Browse Project permission must be granted to the Vendor role. Browse Project within a Permission Scheme is what allows the user to see the project and the issues in the project. 

Earl Griffin May 17, 2021

Of course!  I should have realized that.

It works now.  Thanks!
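
The group, project role and permission scheme chain worked through in this thread, as an added Python example (not part of the original posts and not Jira's own code). It is a simplified model: the permission keys are Jira's built-in ones, while the evaluator, the `audit` helper and the sample data are constructed for illustration.

```python
# Simplified model (an assumption, not Jira's code): user -> groups -> project role -> scheme grants.
GROUPS = {                      # constructed sample data based on the thread
    "jira-software-users": {"Employee1"},
    "Vendor A": {"TestUser"},
}
# Project role membership is per project: role name -> groups holding that role.
PROJECT_ROLES = {
    "Test Permission 1": {"Vendors": {"Vendor A"}, "Administrators": set()},
    "Test Permission 2": {"Vendors": set(), "Administrators": set()},
}

def make_scheme(browse_holders):
    """One scheme shared by both projects: permission key -> (holder_type, name) grants."""
    vendors = ("projectRole", "Vendors")
    return {
        "BROWSE_PROJECTS": set(browse_holders),
        "CREATE_ISSUES": {vendors},
        "ADD_COMMENTS": {vendors},
        "DELETE_ISSUES": {("projectRole", "Administrators")},
    }

def user_groups(user):
    return {g for g, members in GROUPS.items() if user in members}

def has_permission(user, project, scheme, perm):
    groups = user_groups(user)
    for kind, name in scheme.get(perm, ()):
        # A group grant applies everywhere; a role grant applies only where the role is filled.
        holders = {name} if kind == "group" else PROJECT_ROLES[project].get(name, set())
        if groups & holders:
            return True
    return False

def visible_projects(user, scheme):
    return sorted(p for p in PROJECT_ROLES if has_permission(user, p, scheme, "BROWSE_PROJECTS"))

def audit(scheme, vendor_groups, default_group="jira-software-users"):
    """Flag the two mistakes discussed in the thread."""
    findings = []
    browse = scheme.get("BROWSE_PROJECTS", set())
    granted = {h for perm, hs in scheme.items() if perm != "BROWSE_PROJECTS" for h in hs}
    for holder in sorted(granted - browse):
        findings.append(f"{holder[1]}: has grants but no BROWSE_PROJECTS")
    for g in sorted(vendor_groups):
        for u in sorted(GROUPS.get(g, set()) & GROUPS.get(default_group, set())):
            findings.append(f"{u}: vendor user still in {default_group}")
    return findings

BROKEN = make_scheme([("projectRole", "Administrators")])   # step 8 in the thread
FIXED = make_scheme([("projectRole", "Administrators"), ("projectRole", "Vendors")])
```

With `BROKEN`, `visible_projects("TestUser", BROKEN)` is empty, which is the symptom reported above; with `FIXED` it contains only “Test Permission 1”.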

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin