I have multiple projects, but not all users work on all projects. I only want a specifc user to see and access only the project he is assigned to. How do I do this?
To expand in a bit more detail. Here is how you get from a given User, to Permissions at the Project level.
We have 8 different Roles set up in JIRA; Administrators, Analysts, Developers, Managers, QA, Source, Users, Clients. To Add/Edit/Remove Roles, use shortcut g+g and type Roles.
Most of our Permission Schemes are set up using Project Roles exclusively. There are a few exceptions that use Current Assignee , such as Edit Issues permission will commonly have:
While the Close Issues permission will have:
After you have your Roles and Permission scheme setup, and locked down to your needs, what you do next is up to you. You have two options from here.
1. Remove the Groups from the Roles section of a project, and add specific users to each role on a per project basis
2. Create project Groups, add these groups to the Project Roles, and add users to these groups.
#1 will require a bit more maintanence. In order to keep track of who is assigned on which project, the administrator will have to navigate to each project individually and look at the Roles section, and see who is listed where. Any changes needed across multiple projects is a bit daunting.
#2 has a bit more set up, but is easier to maintain, because you can see who has access to all, or any given project from a single screen (User Management), and make changes there. Want to add a new QA hire to 6 out of 15 projects? Simply bring up that user, click Add Group, CTRL+Click all of groups who's permissions corrilate to each of the projects you want, and click Add. You've just added that user to 6 projects, and given them the exact permissions they need on each of those projects at the same time. Need to restrict visibility of a project? Simply remove that user from those corresponding groups.
We use model # 2 for our business. We maintain it by using the Project Key as part of the group name. For example, if we have a project called Operations, we use OPS-Admin, OPS-Analysts, OPS-Dev, etc, as the group names, one for each of the Project Roles. In our model, we typically assign out 2 groups per user. The OPS-User group will give the ability to browse the project OPS, along with create issues, add attachments, comments, and so on (based on our Permission Scheme setup). And, we also give them the group for the specific role they are fulfilling, such as OPS-Dev if they are a developer.
Remove ALL access to projects that is done via "can log in" (look in global permissions to find out what goups are named in "can log in" - by default, it's "jira users").
Then rebuild everyone's general access using other groups or roles, except for this one user.
I ran into this topic while searching for something else. Recently I've been testing this against the old view. For the old view, what I can say is that I've found this to be true:
IF you grant PROJECT SCHEME PERMISSION > BROWSE PROJECT
to the GROUP these users are in (any group)
because of PERMISSION SCHEMES are SHARED, GROUP members can see EVERY PROJECT sharing that SCHEME,
EVEN IF that GROUP has NO GRANT to the global BROWSE permission.
ELSE they see only their own projects.
IF you apply PROJECT PERMISSION > BROWSE PROJECT
to the ROLE
the user has to be in the PROJECT with THAT ROLE to see a project they are ASSIGNED TO
and CANNOT VIEW OTHER PROJECTS, even if the PERMISSION SCHEME is shared by multiple projects UNLESS the user is a member of some of those other projects also.
* I have not tested how this config behaves if the user is a member of two projects with the same permission scheme, but user is in two different roles, one that allows browse project at the role level and one that does not.
*NOTE: IF you remove all of the user's GROUPS from GLOBAL BROWSE capabilities, they will not be able to @MENTION any users in comments, or from what I can tell, see users in system-default user-based drop downs. It's a JIRA limitation that the community can't seem to find a workaround for.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event