Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to set by default Access to Private for a next-gen project ?

We have created some specific group for users external to the company and we are able to manage access to different Jira project with theses group.

As we cannot define by default the Access parameters for the next-gen project, if one of our user is created a next-gen project without setting the access to Private, all internal and external users have access to the project.

How to configure this ?

4 answers

Please set the default to Private, Open is a really bad choice for the default, to make this stuff even worst, if you give access to people in JIRA and do the proper incantations so they can only see 1 project, to your surprise,  they will have access to all Next-gen project that are Open or even Limited. This is bad.

 

Please change the default to Private, at least in this way users will know they have to set access correctly, because no one except them will have visibility of the project.

At a bare minimum it should be possible to change the default security setting, needing to rely on users to set the security setting perfectly every time is a recipe for chaos.

Hi Dominique,

Next-gen projects are independent projects, that's why users can create this type of project, because fields and issue types, for example, are specific for the project, it won't affect any other next-gen or classic project.

If they created the project without setting it to private, they can change the access by going to Project settings > Details.

Hope this helps!
If you have any other questions, please let us know.

Regards,
Angélica

Hi Angelica,

Thanks for your answer, but as user are not aware or interested by "security", the question is not "how to change access mode", but how to set by default, for all next-gen project the access mode to "Private".

If not possible, it's unbelievable that Atlassian integrate new features without taking care of security criteria. When you have more than 150 users, you cannot verify all the settings...

Best regards

Hi Dominique,

Currently, the default access will be "Open" unless they change before creating the project.
We have a feature request suggesting the implementation of this ability:

https://jira.atlassian.com/browse/JSWCLOUD-17234

Please, click on vote and watch to receive updates about the feature.

Regards,
Angélica

We also just discovered to our horror that next-gen projects are open by default.

What on earth made Atlassian think this was a sensible security default!?

Like # people like this

I concur, this is a terrible security setting to choose as the default and this is made even worse by not allowing the default to be changed.

Like # people like this

i agree this is terrible from security perspective. Should change asap. Will vote for this change.

Like # people like this

@Angélica Luz it is a security breach that the default of any project is set to Open. Can this default be set to Private?

I have also voted and placed my comment on the JSWCLOUD-17234

0 votes

Hello @David Ferrer Llanes,

It's not possible to change this setting.

When I answered this question in 2019 the project creation screen was different and now, when creating a new team-managed (former next-gen) project, no access is set by default, the person who is creating the project must select the access level and the first option is the Private one.

Screen Shot 2022-01-05 at 15.19.26.png

As mentioned on the feature request ticket, they are not working to implement this feature and we will need to wait for further updates.

Kind regards,
Angélica

Thanks for your reply, but this means everyone within the account will be able to see other projects if this is not set to private as per default.

I am sure that many accounts are managing different 3rd party vendors will lead to sharing internal or from other external Project information to be mislead.

As you might be aware, a lot of Jira users will just click through things and will disregard the settings. Not making this Private as per default is not ideal for legal and compliance

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira

Do you use Jira Cloud with Microsoft Teams?

Hi, Jira users! Do you use Jira alongside Microsoft Teams? We want to hear how you’ve used the power of Jira Cloud and Microsoft Teams (via the Jira Cloud for Microsoft Teams app) to achieve a team...

530 views 1 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you