How do I configure private, per-vendor projects?

We're evaluating JIRA cloud and I have some questions about setting up a specific type of project and permission scheme. We are a application/services shop and will have several projects that all of our teams can collaborate openly on.

However, we also need to setup a project-per-vendor where we can invite limited persons from our various vendors to open issues or respond to our questions. I don't want them to see any of our internal projects or other vendors' projects.

I'm worried that the permissions scheme to maintain this kind of setup will become a nightmare... am I right?

We'd have to maintain an internal-users group, a group-per-vendor, and assign permissions/schemes to view projects like:

  • vendor bar project: internal-users, vendor-foo
  • vendor bar project: internal-users, vendor-bar
  • internal project qux: internal-users

 

2 answers

Hi @Anthony Mastrean

You will be pleased to hear that the permissions will not be a nightmare if you configure it right. 

JIRA comes with the concept of user roles on a project. So here is a set of steps for you to work through to make it easy to manage.

 

  1. Add a new role to JIRA "vendor"
  2. Define your shared permissions scheme using is in project role "Vendor" to determine what they can do. Eg Browse/create/edit/add comments etc.
  3. Ensure you also set the appropriate permissions for your internal staff.
  4. Apply your shared permission scheme to each vendor project.
  5. Manage the members of each role for a project to allow them to have access and only access to the right projects.

Couple of things to check 

  1. What is the permission scheme in place for other projects? Make sure this does not include any groups that would allow everyone such as jira-users to see a project.
  2. Make sure that at least the project lead has administer project permission to be able to add people to the different roles.

 

 

This sounds about right, but requires constant maintenance. Every new internal team member has to be explicitly assigned to the correct group and every new project has to be assigned the correct scheme.

I was hoping there was an explicit feature for privatizing a project or limiting a user's view that required explicit action only on those projects/users.

Right.  It can require some overhead.  Like each project does require us to create a new group for stakeholders, but we have one dev group for the majority of our projects, which we just have to assign to the developer role.  Does not typically require us to move people in and out of the dev. group.

Hi @Anthony Mastrean

The management of the approach I suggested is relatively simple (and with the right permissions) is delegated from the system administrator to the project administrator. The only action once it is setup is to add/remove users from the role on the project.

 

Hi Anthony, 

We do this exact thing.  I agree with Phil, if you need really customize what level of permissions you are going to give each vendor, then a role is the best way to do this.  We use a deafult permission scheme, with the default project roles.  We then create groups for each of the project developer and stakeholder groups and assign them the appropriate project role.  I strongly agree with Phil on making sure there are no group or individual permissions assigned in your permission schemes.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,897 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot