Our company has just recently started using JIRA and I need to setup access such that employees and vendors have different access. I have read through some of the posts and it seems that Atlassian has made this process as difficult as they can make it.
What are the recommended and supported steps to accomplish this?
All of the projects are Company Managed. The vendors should not be able to see other projects, delete issues they did not create, or notes, etc. They also cannot close a BUG. There are a few other things as well. Employees would have access to pretty much everything, at least for now. That may change later.
The default setup in JIRA Cloud is that all licensed user typically get added to the User Group named something like jira-software-users. See this article on User Groups.
This User Group is typically set up in the Global Permissions to have some permissions across all the projects to which they have access. The group is also typically set up in the default permission scheme to have most "user"-ish permissions for a project like creating and editing issues. Deleting information, whether it is comments or entire issues, is something you'll need to decide on as a best practice for your company. Typically is not a best practice to allow users to delete issue, as those are then gone forever and not recoverable. See this article on managing project permission schemes.
Given that information, this is how I have managed giving vendors limited permissions and limited their access to specific projects.
Create additional User Groups for the vendors. I would suggest making a group per vendor. Ad the individual users for each vendor to the appropriate group, and also remove them from the default jira-software-users group.
Then define a generic Project Role that will be used in the Permission Scheme of the project(s) to allocate the permissions you would want your vendors to have.
Then, in each project, assign the specific vendor User Group to that role.
You have Vendor A and you want those people to have limited access to Project A.
You have Vendor B and you want those people to have limited access to Project B.
From Vendor A you have users A1 and A2. From Vendor B you have users B1 and B2.
Create a User Group for Vendor A.
Assign users A1 and A2 to user group Vendor A. Also remove these users from the jira-software-users group.
Create a User Group for Vendor B.
Assign users B1 and B2 to user group Vendor B. Also remove these users from the jira-software-users group.
You will need to update the Global Permissions to also grant some minimal global permissions to the vendor user groups, like Browse Users.
Create a Project Role called Vendors.
In the Permission Scheme associated with the projects where you want vendors to have access, modify the scheme to give limited access to the project role named "Vendors". This group would need things like Browse Projects, Create Issue, Create Comment, etc.
Lastly, in Project A, assign the user group Vendor A to the project role Vendors. And in Project B, assign the user group Vendor B to the project role Vendors.
That will give the users from Vendor A limited access to Project A and only Project A, and give the users from Vendor B limited access to Project B and only Project B
Note also that you will have to grant JIRA Software product access to each user account you set up for a person from a vendor, and that will increase your license count.
I went through these steps:
When I sign in as TestUser, I do not see either project “Test Permission 1” nor project “Test Permission 2”. I expected to see only project “Test Permission 1”. What am I missing?
For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events