Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,557,702
Community Members
 
Community Events
184
Community Groups

Managing users' access in Jira using groups

Nelphy Rose Siby
Nelphy Rose Siby May 10, 2023

Could you please refer the below screenshot and let me know if the user mentioned has access to that particular project. I assigned this user to a different user group and I want this user to access only that project assigned for this group.

If this is not the way to do this, please advise! My requirement is to give the users access to a particular project only!
jira question.png

Answer
Watch
Like Be the first to like this
362 views

1 answer

0 votes
Walter Buggenhout _ACA IT_
Walter Buggenhout _ACA IT_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 10, 2023

Hi @Nelphy Rose Siby,

To verify if the user has access to the project, you should select the browse project permission where you now have selected Administer projects.

If you then get the same result as on your screenshot, Mark does not have access. The first 2 lines are not relevant in this case. The red cross next to the Project role is what matters here. You can just ignore the lines where you see xx does not override this permission.

Hope this helps! 

View More Comments
Nelphy Rose Siby
Nelphy Rose Siby May 10, 2023 • edited

Thank you for your response, Walter.
I switched it to Browse Project and its showing the same result (See screenshots below). However, the user has reported that he can access all our projects. 

Also, the status is confusing. It says, Mark has the permission after a cross sign.
Mark's user details is also included below.

Please advise!

Jira Question 2.pngJira Question 3.png

Like
Walter Buggenhout _ACA IT_
Walter Buggenhout _ACA IT_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 10, 2023

Hi @Nelphy Rose Siby,

I do not know how your environment is configured, so it is hard to tell what exactly is going on. If the user says he can access all projects and that is as intended, then you have an important thing covered.

I do understand that you want to (and should) understand your own settings, obviously. My guess is that the permission scheme(s) you use are granting permissions to any logged in user (or even public access, but I rather think any logged in user). That means that anyone logged into Jira automatically can access any project using that permission scheme without the need of any additional configuration. That would explain why Mark has access.

As to the messages you see in the permission helper, that rather points in the direction that the account you used to run the checks may not have all the required permissions to properly analyse the project permissions. You may be lacking project admin permissions, which may explain why Jira can't properly retrieve the actual permission name you are trying to validate.

On a final note, I would recommend not to share user information in so many details here (referring to the screenshot of Mark's user profile). This is a publicly available forum, so if you share user details, blank out key details like mail addresses etc.

Like
Nelphy Rose Siby
Nelphy Rose Siby May 10, 2023

Got it, Walter.

This is what I intended to do. Mark is one of our clients and we want to give him access to his project only. I added him as an user and added him to a newly created group. This group is included in the Browse Projects section of the Permission scheme (created a separate one for Mark's project) along with my organization's users. (see screenshot below).

The remaining projects in my Jira cloud are using the default scheme and this scheme's browse project permission is configured as shown (note that Mark is not a part of either the Group (jira-software-users-tunagroup) or the Project Role (atlassian-addons-project-access)). 

My understanding is that, if it is configured this way, then Mark should only be able to browse the projects using the MGM scheme and not the default scheme. 

Please see the screenshots shown below and let me know if there is any other setting I need to do so that I can restrict Mark from seeing projects other than his own. 

Default scheme setting.pngMGM scheme.png

Like
Walter Buggenhout _ACA IT_
Walter Buggenhout _ACA IT_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 10, 2023

Hi @Nelphy Rose Siby,

If these are the only schemes you are using, the default scheme is linked to all projects except Mark's and the MGM scheme is linked Mark's project only, then this should work (in terms of just granting access).

However, a couple of notes:

  • I see that you use groups in your permission schemes to grant permissions. While that works technically, it is not really best practice. It is recommended to use project roles in your permission schemes (such as administrator, developer, ...) and link user groups to those roles in each project (Project settings > People). That would allow you to limit the number of permission schemes and delegate user management to project administrators.
  • You seem to have removed the project role atlassian-addons-project-access from the second project. Put it back 😅! This role is required for app functionality to properly work and may be the reason why you are getting strange results from the permission helper
  • By granting the browse project permission in the new permission scheme, you allowed the user(s) just to see the project and what's in there. But you need to enable all the other permissions that you want to give your users too. To create issues, you do need the Create issues permission. Or to change the status of an issue, you need Transition issues permission, and so on. For more details on all permissions, see this support article
Like
Nelphy Rose Siby
Nelphy Rose Siby May 11, 2023 • edited

Will definitely try this. Thank you, Walter

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Software
Jira Software
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

See all events