Hi,
I added two new users, but did not give them access to any projects. However, they are able to get full administrative view of my business projects... which I don't want them to see.
Can anyone tell me how to prevent this?
Thanks
Thanks, I only see this on Business Boards. If this is a common error, then I suggest that Atlassian amends this asap.
Thank you both for your responses.
There really isn't a fix. It clearly states how permissions are given and the jira-users group allows people to logon. It often comes up after they've been using JIRA for awhile and decide they don't want everyone to see a new project. The standard best practice security model is only allow access when needed, not give universal access and then restrict. However, this is how too many JIRA admins think.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The most common error is adding the jira-users group to the permission scheme. JIRA works on a Permit, not Restrict model. You GIVE permissions. You can't deny access. I suggest project roles. It allows the project admin to manage access.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Your permission scheme is giving them full admin views, you'll need to amend the permission scheme or the user accounts to remove that access.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.