Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,462,545
Community Members
 
Community Events
176
Community Groups

How to set by default Access to Private for a next-gen project ?

We have created some specific group for users external to the company and we are able to manage access to different Jira project with theses group.

As we cannot define by default the Access parameters for the next-gen project, if one of our user is created a next-gen project without setting the access to Private, all internal and external users have access to the project.

How to configure this ?

4 answers

At a bare minimum it should be possible to change the default security setting, needing to rely on users to set the security setting perfectly every time is a recipe for chaos.

Please set the default to Private, Open is a really bad choice for the default, to make this stuff even worst, if you give access to people in JIRA and do the proper incantations so they can only see 1 project, to your surprise,  they will have access to all Next-gen project that are Open or even Limited. This is bad.

 

Please change the default to Private, at least in this way users will know they have to set access correctly, because no one except them will have visibility of the project.

Hi Dominique,

Next-gen projects are independent projects, that's why users can create this type of project, because fields and issue types, for example, are specific for the project, it won't affect any other next-gen or classic project.

If they created the project without setting it to private, they can change the access by going to Project settings > Details.

Hope this helps!
If you have any other questions, please let us know.

Regards,
Angélica

Hi Angelica,

Thanks for your answer, but as user are not aware or interested by "security", the question is not "how to change access mode", but how to set by default, for all next-gen project the access mode to "Private".

If not possible, it's unbelievable that Atlassian integrate new features without taking care of security criteria. When you have more than 150 users, you cannot verify all the settings...

Best regards

Like Juan Magana Morales likes this

Hi Dominique,

Currently, the default access will be "Open" unless they change before creating the project.
We have a feature request suggesting the implementation of this ability:

https://jira.atlassian.com/browse/JSWCLOUD-17234

Please, click on vote and watch to receive updates about the feature.

Regards,
Angélica

We also just discovered to our horror that next-gen projects are open by default.

What on earth made Atlassian think this was a sensible security default!?

Like # people like this

I concur, this is a terrible security setting to choose as the default and this is made even worse by not allowing the default to be changed.

Like # people like this

i agree this is terrible from security perspective. Should change asap. Will vote for this change.

Like # people like this

@Angélica Luz it is a security breach that the default of any project is set to Open. Can this default be set to Private?

I have also voted and placed my comment on the JSWCLOUD-17234

0 votes

Hello @David Ferrer Llanes,

It's not possible to change this setting.

When I answered this question in 2019 the project creation screen was different and now, when creating a new team-managed (former next-gen) project, no access is set by default, the person who is creating the project must select the access level and the first option is the Private one.

Screen Shot 2022-01-05 at 15.19.26.png

As mentioned on the feature request ticket, they are not working to implement this feature and we will need to wait for further updates.

Kind regards,
Angélica

Thanks for your reply, but this means everyone within the account will be able to see other projects if this is not set to private as per default.

I am sure that many accounts are managing different 3rd party vendors will lead to sharing internal or from other external Project information to be mislead.

As you might be aware, a lot of Jira users will just click through things and will disregard the settings. Not making this Private as per default is not ideal for legal and compliance

This issue and not being able to configure the columns for boards through the rest API is really making our Jira Board automation, not so automated. 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events