Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How can I restrict user groups to projects?

mickey13
mickey13 May 8, 2017

I've already spent a couple hours looking into this.  I figured it would be relatively simple, but not so much.

I created a group for each project I have.  I want the users in each group to only be able to access the project associated with the group I defined.

I'm not concerned with project roles yet.  I just want to restrict what users can even see the projects I want them to.

I haven't been able to find a painless way of doing this in the documentation.  Any ideas?  Thanks.

Answer
Watch
Like # people like this
808 views

5 answers

1 accepted

1 vote
Answer accepted
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 8, 2017

I can think of two possible approaches you can take:

or

  • Add a project role called something like "Viewers". Have a single permission scheme which applies to all your projects (for example, you could use the default permission scheme for this).

    In this permission scheme, only grant the 'Browse users' permission to the "Viewers" role (and admins).

    In each of your projects, use Users and roles to add the appropriate group (and/or users) to the "Viewers" role for that project.
View More Comments
Sam Hall
Sam Hall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 8, 2017

p.s. The role-based one is the 'textbook' way of doing it, because it has two advantages:

  • It doesn't require you to create a new permission scheme every time you create a new project.
  • If you wish, it allows you (as a full JIRA admin) to delegate the assignment of project roles to project administrators.
Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 8, 2017

If you go on any JIRA courses, you'll find the experts all agreeing on "use roles".

Groups are to be used in roles, global permissions, and very special cases.  "Never use groups in a permission scheme" is a good start

Like
Reply
1 vote
Joe Pitt
Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 8, 2017

JIRA works on a ALLOW, not restrict, permission. This problem usually arises when you put the jira-user group (all users that can logon) in a permission scheme. In essence you have allowed the jira-user group access to every project. In my experience very few projects really need or want that. I suggest setting up project roles and assigning them permissions and they allow the project admins to add users to the roles. It removes the JIRA admin from the equation and gives just those users access that actually need it. If you really want the jira-user group to have permission the project admin can assign the group a role. 

Reply
1 vote
Robin Surland
Robin Surland May 8, 2017

Go to Jira Administration > Issues > Permission Schemes. Then from the Default Permission Scheme, choose Permissions. Under Browse Projects > Edit, change Application Access by unchchecking the Browse Projects object. Now, go into each project and add the group you wish to have access. 

Reply
1 vote
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 8, 2017

I hope I am understanding correctly. It sounds like you just need to add each group to a permission scheme, and associate the different permissions schemes with the appropriate projects.

Adding users, groups, or roles to a permission scheme

Deleting users, groups, or roles from a permission scheme (So the wrong groups are not included)

Associating a permission scheme with a project

View More Comments
Robin Surland
Robin Surland May 8, 2017

The fastest way would be to remove jira-software user group from the default security theme (leaving only Jira Admins for example), then add the groups to the accociated projects.

Like
Reply
0 votes
mickey13
mickey13 May 8, 2017

What I ended up doing was:

  • Gear -> System -> Project Roles,
    • create "Developers" role.
  • Gear -> Issues -> Permission schemes -> Default Software Scheme
    • remove 20+ "Application access: Any logged in user"
    • add 20+ "Project role: Developers"
  • Gear -> Projects -> PROJECT -> Users and roles -> Add users to a role
    • find users, add "Developers" Role

Thanks all for the advice!

View More Comments
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 8, 2017

Thanks for sharing the resolution, it really helps support our Community!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events