You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I want to have a group of users that can only access 1 specific project.
I created a group for application access (external-group) so those users now belong only to this group.
Although, I saw that if a project lead add this group to a role of his project the users gain permissions to the project....
Is there a way either this group to be visible only for the 1 project it should have access to or any other way to forbid their access to other projects?
Hello @Iro Karavasili sounds like you managed to set the permissions schemes right so only the group can see the projects when the group is added to a certain role. Once you are there you can only audit that nobody else with permissions add that group to other projects. If you can spare an extra account, add it to that group and subscribe it to a filter that brings issues that are not from the project they are supposed to see. If the account receives an email with results you'll have to fix those permissions right away.
That could be a simple solution without depending on development to achieve something similar
thank you for the reply.
Let's be more specific to explain better what I want to do.
External group should have access only to project A.
If an admin of another project (eg project B) assign external group( or the name of users that belong to this group) to project B then those users gain access to the project.
In Project's B permission scheme the permissions are granted to roles not to group.
I did not understand what you mean here
Once you are there you can only audit that nobody else with permissions add that group to other projects
I hope I am following you - but you are not going to be able to control who the administrators for Project B wish to grant access to their project. If they choose the external group, you can't prevent that.
It is more education that anything. You might could label the external group with a name that is clearly meant only for Project A. Something like:
Project A Group Only - Do NOT Use With Other Progrects
I know that's a weird name, but someone would have to be defiant to grant that group permissions in another project.
Thank you @John Funk for the reply.
That's a good tip (from nothing). :P
Generally regarding permissions, from what I've seen in Jira, (if you do not use a plugin) there are only options to grant users permissions (eg to jira application or to a project) via permission/security schemes etc.
I have not found a way to do the opposite...
The other option might be to create a Permission Scheme that grants permissions to specific users. But if you have a lot of people in the External Group that would get unruly.