How do I limit project access by groups?

I need to limit access to some projects to users in some groups. What is the easiest way to do this?

2 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Accepted answer

First, stop thinking about "limit".  JIRA does things permissively - a user can see or do something because their account matches a rule that says "allow this".  There are some options to say "deny this" later, but they have limited use cases.

Secondly, the answer is "roles".  Look at the permission schemes for projects - these say "user matching rule X, can do Y in this project".  For example, it will say things like "Role developers can read, edit and transition issues" and "Role user can create, close and comment on issues".  You could use groups in the permission schemes, but that rapidly becomes a management nightmare because you have to write a new permission scheme for every single variation (which can be one per project)

Once you've established what roles are needed (or not), you can add (or remove) individual users, or groups to allow (or remove access to) the functions defined in the permission scheme.

Hi Nic,

Thanks. The reason I need this is I am required to connect to an LDAP and also import and existing JIRA DB. So I have to make sure the LDAP users and groups have appropriate access. LDAP connection ensures the users are added to the correct groups. The next issue is to make sure the groups have correct access to the existing projects.


Ok, JIRA doesn't actually care where the groups and users come from, apart from when you're configuring the user "directories".  Off the shelf, there's an internal directory for them, but you can add others, and when you have, you'll mostly see the provided users and groups in single lists (e.g, you will see Alice, Bob, Chuck, Dave and Elise as users, without really caring that Alice, Chuck and Elise are from LDAP and Bob and Dave are internal).

So, as long as your permission schemes are right, and your roles contain the right users and groups, you should be fine!

I still don't understand how this works. I have created a role, and everyone can still see everything. HELP! I'm so frustrated!

You need to remove the "everyone can see everything" rule from your permission schemes, and then you can add your single user back in.

Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

90 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you