Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Can I restrict a JIRA users access to only 1 project?

We have multiple projects and I would like a user to log in and only be able to see one project.

3 answers

1 accepted

1 vote
Answer accepted

Hi Kelsey,

This can definitely be done and here's what I would do:

  1. Copy the Default Permission Scheme
  2. Create a group for the user(s) not allowed to access that project
  3. Create a permission scheme with Browse Project permissions and add everyone to that permission including the group/user(s) you want to access that project
  4. Create a permission scheme for the other projects that everyone else is allowed to access and do not grant Browse Permissions to that group/user(s)

For the project you want that user to see you'll assign the permission scheme that has Browse Project permissions for that group. 

For the projects the user(s) should not have access to you'll want to assign the permission scheme that does not have the Browser Project permission for the group/user(s).

Hopefully that makes sense.  Here are some resources to help you get started creating Permission schemes:

Managing project permissions

Configuring permissions



Thanks Branden this worked!

Thanks for letting me know and I'm glad I was able to help!

Hi Kelsey Schindler, Is it possible to do this without using permission schemes but only groups and roles? We have Jira in cloud. Our issue is similar to Brandens. We have a vendor team that should only access 1 project. But what we want to do is instead of changing the oothers permission we will restrict the permission to these three users. We have made a group for them, but need to know how they can have application access, to log in, but still only see 1 project. Hope you can help me too :)

We have the exact same issue. Is there an easier way to do this instead of moving all users out of Jira-users and modifying every projects permissions?

Like Tudor Munteanu likes this

Oh dear, this is so massively complicated :(

Like # people like this

Right?! Why do I have to change the entire permissions structure for the entire company and all of our projects to restrict access for a single user?  Job security is the only thing I can come up with, but I have a lot of other work that seems way more important.

Like William Moses likes this

A nice global permissions solution for Jira Server:

1) Go to "Administration > Issues > Permission Schemes"
2) Click "Permissions" link under Actions
3) Click to "Remove" any logged in user permissions to browse/edit issues, etc.

Then add users individually to projects they should have access to.

Thank You Maxime Boulat. Your article is the one that helped me at last. It's well written and detailed.

Like Maxime likes this

This was a huge help and the only set of instructions that actually worked for me. Thank you!!!

Like Maxime likes this
0 votes
Joe Pitt Community Leader Jul 04, 2018

You can't move the users out of jira-users. That is how they get logon authority. Every new user will automatically be put in any group with logon authority. 

All the old time users REALLY wish Atlassian would change the default. 

Using the best practice of security user should only have what they need to do their work. You can have just one permission scheme for all projects if you use project roles and have the project admin administer user membership in the project roles.  If a project doesn't need a role simply don't put anyone in it. This can be a major undertaking depending on the size of your instance, but it will solve problems long term. If you have a project were everyone should have access to simply put the jira-user group in the roles they need. 

Actually I found out you can if you add a user to a new group, and then in "Application access configuration" add the new group to "Jira Software" with "Can sign in" option checked.

This will allow users who are not part of Jira-users group to login but not see all projects.

Unfortunately we have a lot of projects in our instance and all have Jira-users permissions by default and it would be a big undertaking to sort it all out.

It is a mess Atlassian created by itself. There should be no implicit allow permissions.

Like # people like this

Hi, I have the same issue.... it's very annoying. If I understand correctly I have to remove the JIRA login users from the default project permissions, then i'll assign people roles, and for our vendor create a new group for them and add that group with developer rights on the project that they can see?

I was just worried about change the default project permissions as there are 60 projects already in our JIRA and don't want to mess the whole thing up!

Like Mike Jones likes this

Suggest an answer

Log in or Sign up to answer