I have created a project and I want to add an existing user to view only that project and no other projects. It seems like the most basic thing to ask for and I've tried to follow all online documentations for 2 h hours now without any success!
I understand it ables you to create complex user permission roles but from a usability point of view this is very frustrating and a complete fail!
JIRA uses the best practice model of granting permission, not restricting it. It sounds like you give the jira-user group access to your projects. Sadly, that is how it comes out of the box. Every user you create, by default, goes into that group. It is the group needed to be able to logon. The first thing is to remove that group from every permission scheme. I suggest using project roles because it allows the project lead to grant access and project roles are useful in restricting transitions. Depending on how many users and permission schemes you have this could be a fair amount of work, but it will be best in the long run. The only project I give the jira-user group access to is the one that request and tracks changes in JIRA and I only give browse access.
Hi Joe, thank you for your answer. I just want to add one single user to a project and that person should not be able to view any other projects. I have tried by creating a group where i add the user and then assign the group to the project but without result.
I'm completely stuck with this and can't find any tutorial or examples for just this case. I've tried to follow the guides but they are not helping. It seems like they are outdated.
All the docs and guides are similar, as the access model has not changed hugely since Jira 3.6
The one big change was the defaults in JIRA 7.0 - instead of having a "jira user" group grant login and some project access by default, the groups changed to three "can use application" groups. This does not significantly change what you have to do though.
You need to unpick the defaults. Check every permission scheme to see what the access rules are (browse project is the most important rule to read). If you're close to the defaults, then you should have healthy schemes that say "Browse project: role: user"
Next, go into each project and update the user role. Add people and groups into it to allow them the access they need, then remove the groups that let you log in.
Finally, you'll then be able to add your single user to the one project you need them in, and they won't get default access to other projects because they are in a login group.
Most people who have this problem keep thinking of removing permissions to get results. That isn't how JIRA or 'best practices' of security work. You GIVE access. As Nic said, remove all permissions and then give them. I find the easiest way is to create Project Roles and then assign those roles to what they should be able to do. Then have the project lead add users to the roles in their project. The project lead for the desired project simply adds that user to the role the should have. I advise not user groups for a couple reasons; 1. You can't get the granularity you need like this case and 2. Project leads can manage access to their project without involving the JIRA admin administering groups.
There is a much simpler short term workaround while you implement the correct, and long term more sustainable option which other authors have suggested.
You need Global Permissions, not Permission Scheme.
Ok what want to do it basically give the client (admin) access to a specific project. When client logs in to JIRA they can see all our projects, I only want client to see the project I have assigned them to. It looks like I will now give client access to all JIRA software projects?
Application access means "person can log in"
The project's permission schemes then tell the projects who can see the issues in them. In the permission scheme, there is a line "browse project". That lets the users see it.
So, let's say you have a load of projects, one of which is called something like "External". You have added Terry to "can log in", so now you go read the project permission scheme to see how Terry gets access to "External" - it will hopefully say "Browse projects = role: users", so you can add Terry to that role in the project.
Then, you want to block his access to other projects. You need to look at all the other projects to make sure there are no defaulted access for "browse projects = anyone who can log in"
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
@Rachel Wright (Jira Genie), @Billy Poggi (AUG NOVA, DC), and @Dana Jansen (Confluence Queen) are just some of the folks that lead one of the world's most active Atlassian User Group (AUG)....
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs