For the life of me this is driving me nuts. I am trying to give specific users an access so they can only view one project instead of all the ones we have. I have tried all different solutions that was posted but none of them worked. I don't know why something like this is so difficult and frustrating when it is one of the features that people use a lot. Please can someone list step by step instructions as to how to do this?
It's because Atlassian distribute JIRA with an open default model that doesn't suit those of us who need to restrict projects.
By default, there's a group for "users who can log in". jira-users. It's named in the Global Permissions as that. The default permission scheme then says "Browse project: role of users". Those two are fine on their own, but the bit that's wrong is that they then include jira-users in the role of users by default. So every new project is set up with jira-users able to see it.
The best approach is to unpick that. Go to admin -> roles and remove jira-users from the default membership. Then, go over every project and remove jira-users from every "users" role (and, frankly, anywhere else it is used in projects) adding back only the users you want to see that project (via individuals or other groups)
Once that's done, new users will be able to log in, but see nothing until they're explicitly added to the project
Well, the other option is to create a new group called something like jira-login. Add that to the "can log in" global permission, put all your currently active users in it, and then remove jira-users from the global permission. Now you can restrict people by removing them from jira-users and then adding them to only the projects they should see.
It's doing the same thing really, but it's probably quicker than the first description.
Hi Nick, i also need urgently the answer to the same question.
However, the procedure is not clear to me. I lost you at "add that to the login global permission". What do you mean by that? And where do you find "can log in" in the global permission. i don't see it.
Tnx a lot in advance.
I was finally able to do this and hopefully can help you with my steps. So what I did basically was this.
Then you can do the same for another project by just copying the permission scheme that you already created and replace the group with the new group and assign the permission to the new project. Hope this helps! Let me know if you have any questions.
You are in the right screen.
I'm not sure what David means by "any logged user" - JIRA doesn't have that. I think what he's trying to say is to remove the use of any groups in the permission scheme that let people log into JIRA and have been re-used to allow them permissions as well.
As discussed above, the default setup is for the group jira-users to be the "can log in" group. That is set up in the "global permissions" admin setting.
Your permission scheme is actually perfectly fine as it is from what I can see. It does not use groups other than the administration ones, which means
a) You can reuse the scheme in many projects and still have different user access
b) You can delegate the user access to the project owners
So, I would now go and look at the project - in the "roles" for the project, you will find a line for "users" and the "JIRA users" group is likely to be in it. That's what you need to remove. As it's saying "anyone with a login can see this project". You need to replace it with a smaller set of users - those who should have access.
Then repeat this for all the projects making sure your "user who should only have access to one project" is only a user in that one project.
By smaller set of users you mean roles or groups? So let's say from the project roles i have removed JIRA users, but now i need to add a new project role, right? Bcs when i removed the users (JIRA users), the only roles that left is admin and the developers (jira- developers) and the users that i want to put to the project are not developers, meaning i want to put it under a new role (that i will define).. Am i on the right way?
Hope i will eventually set this properly:)
Yes you are on the correct screen. I dont know why you dont see the Any logged user as it was there for me but that is not important now. All you have to do now is assign the group that you created to the permissions you want them to have for that project and then assign that scheme to that project.
Hope it helps!
>By smaller set of users you mean roles or groups?
Yes, you have got that absolutely right. When you remove "JIRA users", that stops most/all people from seeing the project. So you need to add back the users and/or groups into the roles to allow them to use the project.
For your new role, yes, add the role, then go to the projects and add users and groups to it.
Thank you Nick.
So what i did, I created a new role (on a global level) and added a group that i linked to the role.
However, it is not clear to me, how do i now add the role to the project. I do not see this option. I only see an option to add new users to the existing roles.
Please let me know
You've already done it from what you have said
> I created a new role (on a global level)
Ok, great. A role is a global artefact that appears for all projects. You don't need to "add" it anywhere.
>and added a group that i linked to the role.
There are two ways to add a group to a role - there's the default (which means "when I create a new project, put this group in the project role automatically), and the project user maintenance, under porject admin -> roles. If your new role is not appearing in there, then you have not added it.
Your first screenshot is of the default membership of the role, as I mentioned earlier.
Your second screenshot is the project view of current members. Try clicking "add users to role" in there and you'll get the edit version (slightly misleading as it also lets you remove people from roles, and work with groups)
I managed it.
I have added a new role with the group of the selected users to the specific project. (after removing the jira-user role).
Then i have logged in as a user that is not in the group of users that where added to the new role, and i expected that that user wouldn't be able to preview that project, however, this didn't happen.
What did i do wrong? I did all what you suggested.
Please let me know.
I didn't understand i needed a new permission scheme. Now i created it, removed the JIRA users from the browse project line, and finally, when logged in with the user that is not added to the group in the new role i don't see the project:)
My additional question is, if the JIRA user group though still exists in issues permission, attachment permission, comments permission in the new permission scheme, do i need to remove it also from there, or it is enough just to remove it from the browse project line?
You should remove it really. It's quite hard to comment or attach on something you can't see, but you can do it if you have the permissions. An example might be that if you enable incoming email and someone who cannot see ABC-123 sends JIRA an email with a subject like "I can't see ABC-123", then that will be imported as a comment, despite the user not being able to see it!
The problem is probably that the explanation explains what is going on as well as how to change it.
If you don't understand the underlying problem, then it's going to be very hard to fix it, especially if your requirements are not exactly the same as the situation a particular guide is written for.
So, yes, this is for Cloud, but I suggest you go back to the original answer and forget the comments. Try to follow the outlined instructions there (lots of other people have, and it's worked for them)
This is the height of insanity. I wonder how many people just leave because of this one stupid simple operation that is more convoluted than I ever thought possible. I'd love to use JIRA but need a simple way to have users confined to specific projects. I've yet to see (after most of a complete day trying) a step by step on how to accomplish this. Even the first comment here 'go to admin-> roles' Admin where??? What a fucked up system
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
@Rachel Wright (Jira Genie), @Billy Poggi (AUG NOVA, DC), and @Dana Jansen (Confluence Queen) are just some of the folks that lead one of the world's most active Atlassian User Group (AUG)....
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs