Basically you want to make sure that the project roles and default project roles are setup so that outside people don't have permissions to use a default project.
Initially JIRA will have a jira-users setup to have permission to a new project. But you want to take that out and use another group, say company-users as having the default use project role.
Then when you have a project you do want them to, you can use the individual project role admin to give say a group called external-users access to
The key is to make sure that what ever default settings you have, these don't let external people in.
See the documentation here - http://confluence.atlassian.com/display/JIRA044/Managing+Project+Role+Membership
Also search around answers for other permission related topics as I know it's been answered a few times before
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.