Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I prevent users from seeing/accessing projects that they are not assigned to?

Jay Dalke
Jay Dalke February 9, 2014

I have multiple projects, but not all users work on all projects. I only want a specifc user to see and access only the project he is assigned to. How do I do this?

Answer
Watch
Like Be the first to like this
5803 views

5 answers

4 votes
David G
David G February 10, 2014

To expand in a bit more detail. Here is how you get from a given User, to Permissions at the Project level.

  • Users --> Groups --> Role --> Permissions

We have 8 different Roles set up in JIRA; Administrators, Analysts, Developers, Managers, QA, Source, Users, Clients. To Add/Edit/Remove Roles, use shortcut g+g and type Roles.

Most of our Permission Schemes are set up using Project Roles exclusively. There are a few exceptions that use Current Assignee , such as Edit Issues permission will commonly have:

  • Project Role (Administrators)
  • Project Role (Analysts)
  • Project Role (Developers)
  • Project Role (QA)
  • Current Assignee

While the Close Issues permission will have:

  • Project Role (Administrators)
  • Project Role (Analysts)
  • Project Role (QA)

After you have your Roles and Permission scheme setup, and locked down to your needs, what you do next is up to you. You have two options from here.

1. Remove the Groups from the Roles section of a project, and add specific users to each role on a per project basis

or

2. Create project Groups, add these groups to the Project Roles, and add users to these groups.

#1 will require a bit more maintanence. In order to keep track of who is assigned on which project, the administrator will have to navigate to each project individually and look at the Roles section, and see who is listed where. Any changes needed across multiple projects is a bit daunting.

#2 has a bit more set up, but is easier to maintain, because you can see who has access to all, or any given project from a single screen (User Management), and make changes there. Want to add a new QA hire to 6 out of 15 projects? Simply bring up that user, click Add Group, CTRL+Click all of groups who's permissions corrilate to each of the projects you want, and click Add. You've just added that user to 6 projects, and given them the exact permissions they need on each of those projects at the same time. Need to restrict visibility of a project? Simply remove that user from those corresponding groups.

We use model # 2 for our business. We maintain it by using the Project Key as part of the group name. For example, if we have a project called Operations, we use OPS-Admin, OPS-Analysts, OPS-Dev, etc, as the group names, one for each of the Project Roles. In our model, we typically assign out 2 groups per user. The OPS-User group will give the ability to browse the project OPS, along with create issues, add attachments, comments, and so on (based on our Permission Scheme setup). And, we also give them the group for the specific role they are fulfilling, such as OPS-Dev if they are a developer.

Reply
2 votes
ssb
ssb June 21, 2018

Someone has an answer for this topic?

Reply
1 vote
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 9, 2014

Remove ALL access to projects that is done via "can log in" (look in global permissions to find out what goups are named in "can log in" - by default, it's "jira users").

Then rebuild everyone's general access using other groups or roles, except for this one user.

Reply
0 votes
Alis-Hathway Ward (DO NOT USE)
Alis-Hathway Ward (DO NOT USE) December 13, 2019

I ran into this topic while searching for something else. Recently I've been testing this against the old view. For the old view, what I can say is that I've found this to be true: 

IF you grant PROJECT SCHEME PERMISSION > BROWSE PROJECT
to the GROUP these users are in (any group)
because of PERMISSION SCHEMES are SHARED, GROUP members can see EVERY PROJECT sharing that SCHEME,
EVEN IF that GROUP has NO GRANT to the global BROWSE permission.
ELSE they see only their own projects.

IF you apply PROJECT PERMISSION > BROWSE PROJECT
to the ROLE
the user has to be in the PROJECT with THAT ROLE to see a project they are ASSIGNED TO
and CANNOT VIEW OTHER PROJECTS, even if the PERMISSION SCHEME is shared by multiple projects UNLESS the user is a member of some of those other projects also.
* I have not tested how this config behaves if the user is a member of two projects with the same permission scheme, but user is in two different roles, one that allows browse project at the role level and one that does not.

*NOTE: IF you remove all of the user's GROUPS from GLOBAL BROWSE capabilities, they will not be able to @MENTION any users in comments, or from what I can tell, see users in system-default user-based drop downs. It's a JIRA limitation that the community can't seem to find a workaround for.

Reply
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events