This can definitely be done and here's what I would do:
For the project you want that user to see you'll assign the permission scheme that has Browse Project permissions for that group.
For the projects the user(s) should not have access to you'll want to assign the permission scheme that does not have the Browser Project permission for the group/user(s).
Hopefully that makes sense. Here are some resources to help you get started creating Permission schemes:
Hi Kelsey Schindler, Is it possible to do this without using permission schemes but only groups and roles? We have Jira in cloud. Our issue is similar to Brandens. We have a vendor team that should only access 1 project. But what we want to do is instead of changing the oothers permission we will restrict the permission to these three users. We have made a group for them, but need to know how they can have application access, to log in, but still only see 1 project. Hope you can help me too :)
A nice global permissions solution for Jira Server:
1) Go to "Administration > Issues > Permission Schemes"
2) Click "Permissions" link under Actions
3) Click to "Remove" any logged in user permissions to browse/edit issues, etc.
Then add users individually to projects they should have access to.
You can't move the users out of jira-users. That is how they get logon authority. Every new user will automatically be put in any group with logon authority.
All the old time users REALLY wish Atlassian would change the default.
Using the best practice of security user should only have what they need to do their work. You can have just one permission scheme for all projects if you use project roles and have the project admin administer user membership in the project roles. If a project doesn't need a role simply don't put anyone in it. This can be a major undertaking depending on the size of your instance, but it will solve problems long term. If you have a project were everyone should have access to simply put the jira-user group in the roles they need.
Actually I found out you can if you add a user to a new group, and then in "Application access configuration" add the new group to "Jira Software" with "Can sign in" option checked.
This will allow users who are not part of Jira-users group to login but not see all projects.
Unfortunately we have a lot of projects in our instance and all have Jira-users permissions by default and it would be a big undertaking to sort it all out.
It is a mess Atlassian created by itself. There should be no implicit allow permissions.
Hi, I have the same issue.... it's very annoying. If I understand correctly I have to remove the JIRA login users from the default project permissions, then i'll assign people roles, and for our vendor create a new group for them and add that group with developer rights on the project that they can see?
I was just worried about change the default project permissions as there are 60 projects already in our JIRA and don't want to mess the whole thing up!