Auth only user can browse all projects after switching to Role based Access

All,

I have a need to provide access for external, competing customers to my Jira instance. Currently, most of my projects are configured with Role-based access. When I create a test user and place them in a group that has the Global Permission of "Jira Users" it can still see all of the project names. It cannot see any issues or anything inside the Project, but the Project Name is still browsable. At the same time, I have created 4 new projects solely with Group-based access. These new projects cannot be viewed by this limited test account. Is there some hidden attribute/permission that I need to remove from my projects so they do not appear to my customer logins?

1 answer

I suppose that

1. your competing customers are inserted in one or more roles (as single user or in a group) in "Browse Projects" permission or

2. your competing customers are inserted directly as single user or Group to "Browse Projects" permission.

3. Or you add one of these permisions: "User Custom Field Value", "Group Custom Field Value", "Current Assignee" or "Reporter" to "Browse Projects" permission. In that case users can see project name automatically (without being inserted in Custom Field, Group Custom Field or as reporter...).

>> Question: Is there some hidden attribute/permission that I need to remove from my projects so they do not appear to my customer logins?

There are no other hidden attribute/permission that you need to remove from your projects. And it is the same if you add user or group directly to "Browse projects" permission or through roles.

If you want to avoid that all users have access to project names mentioned under third point you need to:
- give access in "Browse Projects" permission only to all users from project and
- additionaly limit access to issues with setting issue security levels. There you can add permislions like "User Custom Field Value", "Group Custom Field Value", "Reporter",...

Thanks Vidic, but this still does not explain why a new user, one that has not been assigned to any roles or groups, and is only part of the global permission "Jira Users" can still see those projects that have role-based access. But not those projects that have group-based access.

I supposed that you add one of these permisions: "User Custom Field Value", "Group Custom Field Value", "Current Assignee" or "Reporter" to "Browse Projects" permission.
Is maybe possible to see permission scheme and roles?

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Jira Software

How large do you think Jira Software can grow?

Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...

151 views 4 7
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you