You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I've created user and added them to a new group. I would like this group (and user) to have Browse projects and Add comments permissions only (I would like to add automatic comments from other soft via a bot).
However when I set Jira access for this user, it automatically inherits all jira-software-users permissions hence has access to everything.
Hello @Wojciech Liwanowski
If you are not a Site Admin or Org Admin for your site you'll need to get one of them to help you debug this.
To have product access to Jira the user must be added to a group that has been granted Product Access to the product through the admin.atlassian.com site.
When a new user is granted access, depending on the method used they may be automatically added to the Default User Group specified to grant product access. That group may be the jira-software-users group. That group may be used in Jira permissions schemes. If the user was automatically added to that group then that would explain how they have acquired that groups permissions.
If you don't want the user to have those permissions, then you need to remove them from that user group.
If that is the only group in Product Access through which the user obtained their Jira product access, then you will have to add them to another group that is or can be used to grant the Product Access. If you are trying to limit their access, then you may need to use a new group, or a group that otherwise isn't used in the Permission Schemes to grant access to other projects.
I am site and org admin, I'm not familiar with jira admin quirks yet :)
I've added group and give it access to Jira.
I've added user to this group and set his permissions to browse projects and add comments only.
According to your answer, I'm grateful for btw, this should do the trick.
Unfortunately this solution doesn't work. Despite user having selected only those two permissions, they can do everything else as well.
What's more, whenever I test whether this user may or may not do anything, they are automatically added to Confluence access.
What are the permission allocations for "everything else" in the Jira project? Have you confirmed that the users does not belong to a group or role allocated those other permissions, and those other permissions are not set to Public, or Any Logged In User?
Are you working with a Team Managed project or a Company Managed project?
If the user is being granted access to other products automatically you should look at the User Access Settings under the Products menu in admin.atlassian.com. In that location you can configure users from domains to be granted access automatically, only with admin approval, or not at all per product.