Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to Configure Company/Vendor Permissions

Our company has just recently started using JIRA and I need to setup access such that employees and vendors have different access.  I have read through some of the posts and it seems that Atlassian has made this process as difficult as they can make it.

My situation:

  • We have 5 projects already defined and in use
  • A small but fast growing group of employee users; need access to most projects
  • Several vendors that we need to give limited access to, each only their specific project(s)

What are the recommended and supported steps to accomplish this?

1 answer

Are you working with Company Managed projects or Team Managed projects? The management of permissions for each is very different.

For a given project, what are the permissions that your vendors need vs. what your employees need?

All of the projects are Company Managed.  The vendors should not be able to see other projects, delete issues they did not create, or notes, etc.  They also cannot close a BUG.  There are a few other things as well.  Employees would have access to pretty much everything, at least for now.  That may change later.

The default setup in JIRA Cloud is that all licensed user typically get added to the User Group named something like jira-software-users. See this article on User Groups.

This User Group is typically set up in the Global Permissions to have some permissions across all the projects to which they have access. The group is also typically set up in the default permission scheme to have most "user"-ish permissions for a project like creating and editing issues. Deleting information, whether it is comments or entire issues, is something you'll need to decide on as a best practice for your company. Typically is not a best practice to allow users to delete issue, as those are then gone forever and not recoverable. See this article on managing project permission schemes.

 

Given that information, this is how I have managed giving vendors limited permissions and limited their access to specific projects.

 

Create additional User Groups for the vendors. I would suggest making a group per vendor. Ad the individual users for each vendor to the appropriate group, and also remove them from the default jira-software-users group.

Then define a generic Project Role that will be used in the Permission Scheme of the project(s) to allocate the permissions you would want your vendors to have.

Then, in each project, assign the specific vendor User Group to that role.

 

Example:

You have Vendor A and you want those people to have limited access to Project A.

You have Vendor B and you want those people to have limited access to Project B.

From Vendor A you have users A1 and A2. From Vendor B you have users B1 and B2.

Create a User Group for Vendor A.

Assign users A1 and A2 to user group Vendor A. Also remove these users from the jira-software-users group.

Create a User Group for Vendor B.

Assign users B1 and B2 to user group Vendor B. Also remove these users from the jira-software-users group.

You will need to update the Global Permissions to also grant some minimal global permissions to the vendor user groups, like Browse Users.

Create a Project Role called Vendors.

In the Permission Scheme associated with the projects where you want vendors to have access, modify the scheme to give limited access to the project role named "Vendors". This group would need things like Browse Projects, Create Issue, Create Comment, etc.

Lastly, in Project A, assign the user group Vendor A to the project role Vendors. And in Project B, assign the user group Vendor B to the project role Vendors.

That will give the users from Vendor A limited access to Project A and only Project A, and give the users from Vendor B limited access to Project B and only Project B

 

Note also that you will have to grant JIRA Software product access to each user account you set up for a person from a vendor, and that will increase your license count.

Hi Trudy,

I went through these steps:

  1. Created User Group “Vendor A”
  2. Assigned users “TestUser” to user group “Vendor A”
  3. Removed “TestUser” from the jira-software-users group
  4. Updated the Global Permissions to grant global permissions to “Vendor A” (Browse Users and Groups, Share dashboards and filters, etc)
  5. Created Project Role called Vendors
  6. Copied “Default software scheme” and renamed to “Company Default software scheme”
  7. Modified scheme to give access to most things except “Browse Project”,”Delete Issues”, etc.  Used “Grant Permission” to Project Role “Vendors”.
  8. “Browse Project” has permissions: Project Role (Administrators)
  9. Created projects “Test Permission 1” and Test Permissions 2”
  10. Associated “Test Permission 1” and Test Permissions 2” with Permission Scheme “Company Default software scheme”
  11. In Product Access I added group “Vendor A”
  12. In Project “Test Permission 1”, assigned the user group “Vendor A” to the project role Vendors
  13. In Project “Test Permission 2” I did not assign “Vendor A”

 

When I sign in as TestUser, I do not see either project “Test Permission 1” nor project “Test Permission 2”.  I expected to see only project “Test Permission 1”.  What am I missing?

Hello Earl,

The Browse Project permission must be granted to the Vendor role. Browse Project within a Permission Scheme is what allows the user to see the project and the issues in the project. 

Of course!  I should have realized that.

It works now.  Thanks!

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

241 views 7 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you