How do I limit project access by groups?

I need to limit access to some projects to users in some groups. What is the easiest way to do this?

2 answers

1 accepted

Comments Closed
0 vote

First, stop thinking about "limit".  JIRA does things permissively - a user can see or do something because their account matches a rule that says "allow this".  There are some options to say "deny this" later, but they have limited use cases.

Secondly, the answer is "roles".  Look at the permission schemes for projects - these say "user matching rule X, can do Y in this project".  For example, it will say things like "Role developers can read, edit and transition issues" and "Role user can create, close and comment on issues".  You could use groups in the permission schemes, but that rapidly becomes a management nightmare because you have to write a new permission scheme for every single variation (which can be one per project)

Once you've established what roles are needed (or not), you can add (or remove) individual users, or groups to allow (or remove access to) the functions defined in the permission scheme.

Hi Nic,

Thanks. The reason I need this is I am required to connect to an LDAP and also import and existing JIRA DB. So I have to make sure the LDAP users and groups have appropriate access. LDAP connection ensures the users are added to the correct groups. The next issue is to make sure the groups have correct access to the existing projects.


Ok, JIRA doesn't actually care where the groups and users come from, apart from when you're configuring the user "directories".  Off the shelf, there's an internal directory for them, but you can add others, and when you have, you'll mostly see the provided users and groups in single lists (e.g, you will see Alice, Bob, Chuck, Dave and Elise as users, without really caring that Alice, Chuck and Elise are from LDAP and Bob and Dave are internal).

So, as long as your permission schemes are right, and your roles contain the right users and groups, you should be fine!

I still don't understand how this works. I have created a role, and everyone can still see everything. HELP! I'm so frustrated!

You need to remove the "everyone can see everything" rule from your permission schemes, and then you can add your single user back in.

Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,276 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot