Looking for feedback for the best practice for controlling external access to projects in Jira.
Our goal is to make Jira as secure as possible and confine Client 1 to only Client 1 Projects.
I see two methods of controlling external access to projects in Jira.
Method 1
Create a Group for each Project that has External users called "Project X External Users"
Create a new Permission Scheme for each project that has external users and use the Group created above in the Permission Scheme
Method 2
Create a Group for each Project that has External users called "Project X External Users"
Use the same Permission Scheme for all projects
On each Project that has an external user use the Group created above and assign to the Roles of the project.
Method 1 seems more overhead of permission schemes, when Method 2 works and I don't see Method 1 as any more secure because in either case the Project lead can add folks to the projects at will.