How do I limit project access by groups?

I need to limit access to some projects to users in some groups. What is the easiest way to do this?

2 answers

1 accepted

Comments Closed
This widget could not be displayed.

First, stop thinking about "limit".  JIRA does things permissively - a user can see or do something because their account matches a rule that says "allow this".  There are some options to say "deny this" later, but they have limited use cases.

Secondly, the answer is "roles".  Look at the permission schemes for projects - these say "user matching rule X, can do Y in this project".  For example, it will say things like "Role developers can read, edit and transition issues" and "Role user can create, close and comment on issues".  You could use groups in the permission schemes, but that rapidly becomes a management nightmare because you have to write a new permission scheme for every single variation (which can be one per project)

Once you've established what roles are needed (or not), you can add (or remove) individual users, or groups to allow (or remove access to) the functions defined in the permission scheme.

Hi Nic,

Thanks. The reason I need this is I am required to connect to an LDAP and also import and existing JIRA DB. So I have to make sure the LDAP users and groups have appropriate access. LDAP connection ensures the users are added to the correct groups. The next issue is to make sure the groups have correct access to the existing projects.


Ok, JIRA doesn't actually care where the groups and users come from, apart from when you're configuring the user "directories".  Off the shelf, there's an internal directory for them, but you can add others, and when you have, you'll mostly see the provided users and groups in single lists (e.g, you will see Alice, Bob, Chuck, Dave and Elise as users, without really caring that Alice, Chuck and Elise are from LDAP and Bob and Dave are internal).

So, as long as your permission schemes are right, and your roles contain the right users and groups, you should be fine!

This widget could not be displayed.

I still don't understand how this works. I have created a role, and everyone can still see everything. HELP! I'm so frustrated!

You need to remove the "everyone can see everything" rule from your permission schemes, and then you can add your single user back in.

Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

281 views 5 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you