How do I add a user and allow them access to only one project?

I have created a project and I want to add an existing user to view only that project and no other projects. It seems like the most basic thing to ask for and I've tried to follow all online documentations for 2 h hours now without any success!

I understand it ables you to create complex user permission roles but from a usability point of view this is very frustrating and a complete fail!

2 answers

Comments Closed
This widget could not be displayed.
Joe Pitt Community Champion Sep 18, 2017

JIRA uses the best practice model of granting permission, not restricting it. It sounds like you give the jira-user group access to your projects. Sadly, that is how it comes out of the box. Every user you create, by default, goes into that group. It is the group needed to be able to logon. The first thing is to remove that group from every permission scheme.  I suggest using project roles because it allows the project lead to grant access and project roles are useful in restricting transitions. Depending on how many users and permission schemes you have this could be a fair amount of work, but it will be best in the long run. The only project I give the jira-user group access to is the one that request and tracks changes in JIRA and I only give browse access. 

Hi Joe, thank you for your answer. I just want to add one single user to a project and that person should not be able to view any other projects. I have tried by creating a group where i add the user and then assign the group to the project but without result.

I'm completely stuck with this and can't find any tutorial or examples for just this case. I've tried to follow the guides but they are not helping. It seems like they are outdated.

All the docs and guides are similar, as the access model has not changed hugely since Jira 3.6

The one big change was the defaults in JIRA 7.0 - instead of having a "jira user" group grant login and some project access by default, the groups changed to three "can use application" groups.  This does not significantly change what you have to do though.

You need to unpick the defaults.  Check every permission scheme to see what the access rules are (browse project is the most important rule to read).  If you're close to the defaults, then you should have healthy schemes that say "Browse project: role: user"

Next, go into each project and update the user role.  Add people and groups into it to allow them the access they need, then remove the groups that let you log in.

Finally, you'll then be able to add your single user to the one project you need them in, and they won't get default access to other projects because they are in a login group.

Thank you for your help Nic but I've spent a full day on trying to solve this and i have given up now. I'll cancel my subscription and move another tool! I can't be the only one struggling with this.  

Joe Pitt Community Champion Sep 18, 2017

Most people who have this problem keep thinking of removing permissions to get results. That isn't how JIRA or 'best practices' of security work. You GIVE access. As Nic said, remove all permissions and then give them. I find the easiest way is to create Project Roles and then assign those roles to what they should be able to do. Then have the project lead add users to the roles in their project. The project lead for the desired project simply adds that user to the role the should have.  I advise not user groups for a couple reasons; 1. You can't get the granularity you need like this case and 2. Project leads can manage access to their project without involving the JIRA admin administering groups. 

I understand the frustration, but it is not really that complicated.  You just need to remove the default access and then put people back into their projects via individuals or groups that are not the "can use application" ones.

This widget could not be displayed.

There is a much simpler short term workaround while you implement the correct, and long term more sustainable option which other authors have suggested.

 

  1. Create a new group
  2. Put user in group
  3. Put group into Jira Users global permission
  4. Grant user access to project via Roles.

Thank you for the step-to-step guide! 

I have done #1 and #2, i don't have any "Jira Users". The closest i have is "jira-software-user" and I'm not sure how to add the group i created to that user by looking at this page.

 

a.png

Im sorry but it looks like Global permission for me?

b.png

Ok what want to do it basically give the client (admin) access to a specific project. When client logs in to JIRA they can see all our projects, I only want client to see the project I have assigned them to. It looks like I will now give client access to all JIRA software projects?

 

f.png

Not quite.

Application access means "person can log in"

The project's permission schemes then tell the projects who can see the issues in them.  In the permission scheme, there is a line "browse project".  That lets the users see it.

So, let's say you have a load of projects, one of which is called something like "External".  You have added Terry to "can log in", so now you go read the project permission scheme to see how Terry gets access to "External" - it will hopefully say "Browse projects = role: users", so you can add Terry to that role in the project. 

Then, you want to block his access to other projects.  You need to look at all the other projects to make sure there are no defaulted access for "browse projects = anyone who can log in"

Nic thank you so much for your time and effort trying to help, its really appreciated but I'm giving up now. 

Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Aug 06, 2018 in Jira Service Desk

A is for Activate: Share your top Jira Service Desk onboarding tips for new users!

Hi, everyone! Molly here from the Jira Service Desk Product Marketing Team :).  In the spirit of this month's  august-challenge, we're sourcing stories of Jira Service Desk activation fro...

564 views 25 15
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you